"Antivirus researchers have uncovered a startling increase in organized virus- and worm-writing activity that they say is powering an underground economy specializing in identity theft and spam. .. .
Starting with the initial outbreak of MyDoom in January, Hypponen began to notice that what had previously been considered little more than a rogue virus-writing subculture actually had a significant link to organized efforts to use malicious code to make money.
"'MyDoom got press coverage because of the denial-of-service attack it launched against SCO and Microsoft Corp.,' says Hypponen. 'But nobody was paying attention to what was happening behind the scenes.'
"And what was happening, according to Hypponen, was the beginning of a concerted, unabashed effort to turn virus and worm infections into cash.
"Eight days after MyDoom.A hit the Internet, somebody scanned millions of IP addresses looking for the back door left by the worm, said Hypponen. The attackers searched for systems with a Trojan horse called Mitglieder installed and then used those systems as their spam engines. As a result, millions of computers across the Internet were now for sale to the underground spam community.
"We have information that the writers of both MyDoom and Bagle may be Russian immigrants living in various European countries," says Hypponen.
Whoever is behind it, they are organized and running a thriving business, says Hypponen.
Will SCO now correct all its public statements, including one SEC filing, implying and even stating that the attack came from the community?