Criminal gangs engage in turf war over botnets

Internet users are in the middle of a pitched battle between rival criminal gangs as they seek to drive each other's malware off victims' computers.

According to a new report from anti-virus company Kaspersky, three separate groups behind the Warezov, Zhelatin and Bagle worms are creating rival botnets to sell to spammers, and this is bringing them into conflict with each other.

Each group makes a lot of money from spammers who use the gangs' botnets to churn out spam. To make more money, each gang needs more compromised computers, so the gangs are forcing each other's viruses off target computers and planting their own malware to gain control and add the host to their own botnet.

"War had been declared in cyberspace between the groups producing Warezov and Zhelatin," said Alexander Gostev, senior virus analyst at Kaspersky Lab. "Taking into account the size of the botnets used by both groups, and their clear aim to conduct a large number of attacks, the situation was clear: this is threatening to become one of the most serious problems on the internet in recent years."

He said that until now, the best known cyber conflict was that between Mydoom, Bagle and NetSky, back in spring 2004. The network was flooded with dozens of variants of these worms: they scanned victim machines for their competitors and took their place, deleting the original worm. The war was brought to an end by the arrest of 18-year-old Sven Jaschan, the author of NetSky, in Germany.

But, warned Gostev, Jaschan's creations remain among the most widespread worms in mail traffic.

"Out of all the malware authors involved, only the authors of Bagle have remained active," he said. "It's true that they disappeared into the shadows for a while, and didn't react in any way to the appearance of Warezov, which is why we thought that they might have been involved in creating this worm."

But in January Bagle suddenly reappeared, and one variant of this worm became the most widespread malicious program in mail traffic.

Gostev said that the three groups, from different countries, are all busy with the same thing: creating botnets to send spam and harvest email addresses.

He said that almost 32 per cent of all malicious code in mail traffic in March 2007 was made up of Trojan-Spy.HTML.Bankfraud.ra. "This was clearly a result of the epidemics caused by Bagle, Zhelatin and Warezov," said Gostev.

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.