In what has turned out to be an historically unprecedented week, the combined economic damage to date from Bagle, MyDoom and NetSky has now crossed $100bn worldwide over the weekend.
The first eight days of March indicate that it is on course to be the worst month for malware proliferation in 2004 according to the mi2g Intelligence Unit, the world leader in digital risk. January and February were also record-breaking months. Seven of the top ten most damaging malware families of all time had their peak infection points in the last twelve months, suggesting a serious rise in global malware epidemics in the last year. Over 215 countries have now been infected by the MyDoom, NetSky and Bagle malware tsunami. The most damaging malware since 1995 that remains ahead of NetSky is now limited to MyDoom and Sobig.
Upon analysing the juvenile dialogue between the malware writers of NetSky, Bagle and MyDoom, a range of commentators have prematurely concluded that this is a turf war between teenagers or college students seeking global notoriety. Whilst script kiddies are active in large numbers around the globe, benefiting from freely available online hacking and malware authoring tools, a coincidental release of malware variants that have contributed to a tsunami is highly unlikely to be merely the work of teenagers. The capability of middle-aged men to behave as ten-year-olds on children's bulletin boards is well understood by those who study paedophilia on the internet. Therefore it could well be that the teenager-type messages were deliberately left behind by more mature malevolent actors to benefit from the publicity of their intended disguise, which delivers obscurity to the real motives behind this rapid release of malware variants and the colonisation of millions of zombie computers in homes, places of learning, government departments and corporations.
The Bagle malware family, which has had so many new variants in such a short space of time that the alphabet is nearly exhausted, has climbed from the position of 17th worst malware to 9th worst malware over the weekend, causing estimated economic damage of between $4.4bn and $5.3bn worldwide to date. Some Bagle variants propagate through an email with an encrypted and compressed attachment, and the message body contains the password required to open it. This approach ensures that antivirus scanners are unable to unwrap the shell and look inside.
Many organisations have taken the extra precaution of disallowing all compressed attachments at present, which is hindering productivity in the graphic design, photography and multi-media industries.
The MyDoom malware family has stopped spreading as fast as it did upon its initial release but remains at the number one position of most damaging malware of all time, having caused between $73.3bn and $89.6bn of damage worldwide. mi2g Intelligence Unit data shows that all the NetSky variants combined have already caused between $26.5bn and $32.4bn of estimated damages worldwide as NetSky.d, NetSky.b and NetSky.c continue to spread in that order. This puts the NetSky family at the 3rd rank in the "Top 25 Table" of most damaging malware.
The social engineering of the latest malware is advanced and very methodical, which suggests a high level of specificity in what the malware writers seek. The backdoors that are left open by MyDoom, for example, cannot be exploited easily by a novice. Hundreds of thousands of tailor-made emails received over the last week carry a Bagle variant, for example, within an encrypted attachment that bypasses the defences of many corporations and ISPs and then manages to trick the end users into opening the attachment. The rapacious way in which the address books are then plundered across the corporate network also suggests a more 'legitimate email address' harvesting motive than simply an intellectual challenge frenzy between rivals. For example, the malware message mimics the email address domain to which it is being sent, thereby confusing the targeted user.
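The delivery pattern described above (a password-protected archive, the password supplied in the message body, and a sender address mimicking the recipient's domain) can be triaged at a mail gateway without the blanket ban on compressed attachments mentioned earlier. This is an added example, not code from the article or from mi2g; the message, addresses and ZIP are constructed, and `build_sample` only patches a ZIP header flag, so no real encryption or payload is involved.

```python
# Added example (not from the article or mi2g): gateway triage for the Bagle-style
# pattern. All names, addresses and the sample message below are constructed.
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from email.utils import parseaddr
PASSWORD_HINT = re.compile(r"\bpassword\b", re.IGNORECASE)

def zip_is_encrypted(blob: bytes) -> bool:
    """True if any entry has bit 0 (traditional encryption) set in its flag bits."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False

def domain_of(header_value: str) -> str:
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def triage(raw: bytes) -> dict:
    # Signals for a targeted quarantine rather than a ban on every archive.
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    encrypted = any(zip_is_encrypted(part.get_payload(decode=True))
                    for part in msg.iter_attachments()
                    if (part.get_filename() or "").lower().endswith(".zip"))
    signals = {
        "encrypted_zip": encrypted,
        "password_in_body": bool(PASSWORD_HINT.search(text)),
        "sender_mimics_recipient": domain_of(msg["From"]) == domain_of(msg["To"]),
    }
    signals["quarantine"] = encrypted and signals["password_in_body"]
    return signals

def build_sample(encrypted: bool = True) -> bytes:
    # Constructed message; the ZIP's central-directory flag is patched to look encrypted.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("photo.exe", b"placeholder, not a real payload")
    data = bytearray(buf.getvalue())
    if encrypted:
        data[data.find(b"PK\x01\x02") + 8] |= 0x1  # general-purpose bit 0 = encrypted
    msg = EmailMessage()
    msg["From"], msg["To"] = "it-support@example.org", "someone@example.org"
    msg.set_content("The archive password is 12345")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip", filename="document.zip")
    return msg.as_bytes()
```

The quarantine decision keys on the combination of an encrypted archive and a password in the body, so ordinary compressed attachments from design or photography workflows pass through untouched.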