August 17, 2005

Windows worms still on the move

Zotob and at least ten copycat Windows 2000 worms ran rampant on the internet over the last couple of days, with some speculating that rival criminal gangs are trying to beat each other out of infected computers to create botnets.

By CBR Staff Writer

Early in the day, F-Secure Corp reported that there were at least three variants of Zotob, a new worm called Bozori, and many more new variants of known malware Sdbot, CodBot, and IRCbot, all exploiting the same vulnerability.

The IRCbots were set up to remove Zotobs, and the Bozoris were designed to remove the Zotobs, Rbots and SDBots, F-Secure said, inferring that the internet was witnessing a bot war, with rival gangs trying to outdo each other.

This has been known to happen. Last year, early variants of the MyDoom and Bagle email worms were designed to kill each other, when they found machines where the other was already installed.

Because all the latest worms drop back-doors on machines they infect, some are concluding that competing gangs are trying to create the biggest network of bots, drone machines that can be used in future nastiness. But not all agree.

It’s not necessarily a bot war, said McAfee virus researcher Lysa Myers. It could be the same person or gang just updating their old malware with new functionality, she said. Unlike previous worm wars, there is no comment text to indicate rival gangs.

Many firms were unprepared for the onslaught, as the first Zotob appeared just four days after Microsoft published security advisory MS05-039, which outlines the plug-and-play vulnerability that the worms all exploit.

Judging from the number of companies confirming outages as a result of infection, Zotob and its relations were the biggest network worms to hit the net since Sasser last year. But antivirus firms and Microsoft insisted it was a relatively minor problem.

ABC, Caterpillar, CNN, Disney, Daimler-Chrysler, the Financial Times, Kraft, the New York Times, San Francisco International Airport, SBC, and UPS were among the corporations reported to have been infected.

In Australia, newspapers reported that a Holden car manufacturing plant, which had key systems running Windows, ground to a halt whilst producing AUS$6m of cars, and that Zotob was cited as the prime suspect.

Reports from California indicated that 12,000 local government PCs in San Diego county were crashed by Zotob or a variant.

Microsoft, however, said the worms were a minor threat, due to mitigating circumstances such as firewalls, the availability of a patch, and the fact that only Windows 2000 machines are generally affected.
