From; Kaspersky General News. Tuesday, March 08, 2005 1. Virus writers exchanging information 2. Security Rules **** 1. Virus writers exchanging information Virus analysts at Kaspersky Lab have been investigating the recent Bagle outbreak, and come to the conclusion that the authors of Bagle, Zafi and Netsky are working hand in hand with each other. SpamTool.Win32.Small.b, a malicious program which harvests email addresses from infected machines, was first detected by Kaspersky Lab analysts on 15th February. Email addresses of antivirus companies are excluded from the list it compiles. Further analysis of the situation reveals that the mass mail of this program was a preliminary stage in the attack carried out by Bagle on 1st March. In researching the Bagle outbreak, virus analysts have concluded that the authors of Bagle, Zafi and Netsky and others are working closely together; they may not be personally known to each other, but they are all using information provided by the author of Bagle to mass mail their creations. In the space of just 2 days, approximately 50 modifications of a range of malicious programs were mass mailed. The timing of these mailings clearly shows that they are automated or semi-automated. These recent events confirm the trend towards the criminalisation of the Internet. And likely as not, events will continue to evolve in such a way: network attacks are now automated, take place in several stages, and are carefully timed and planned. The authors of malicious code are joining forces, exchanging information and techniques, in order to increase the impact of attacks. ** 1. Write to us at: webmaster@xxxxxxxxxxxxx 2. Security Rules Please note that Kaspersky Labs news messages are sent only in plain text format and never under any circumstances do they include file attachments. If you receive an email not meeting these strict guidelines, please do not open it under any circumstances. Instead, forward it to Kaspersky Labs technical support (support@xxxxxxxxxxxxx) so its contents can be examined. If you experience any problems with this procedure, please contact us at: webmaster@xxxxxxxxxxxxx **** Best regards, Kaspersky Labs ----- 10 Geroyev Panfilovtcev St. 125363, Moscow, Russia tel/fax: +7 (095) 797 87 00 http://www.kaspersky.com ftp://ftp.kaspersky.com webmaster@xxxxxxxxxxxxx *********** MIKE"S REPLY SEPARATOR *********** Mike ~ It is a good day if I learned something new. Editor MikesWhatsNews see a sample on my web page http://www3.telus.net/mikebike <mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe> http://www3.telus.net/mikebike/worm_removal.htm See my Anti-Virus pages http://virusinfo.hackfix.org/index <virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe> A Technical Support Alliance and OWTA Charter Member