Netsky Won't Go Away; Two New Versions Arrive

A version that hit the Web on Monday said it was the last iteration, but a pair of new variants surfaced on Thusday.
Netsky, the worm that plagued users last week, shows no sign of going away, contrary to comments embedded in a variant released Monday. Anti-virus vendors on Wednesday and Thursday discovered two new versions, tagged as Netsky.l and Netsky.m.

Like earlier editions of the worm, this pair's payloads are tucked inside file attachments to E-mail messages.

Netsky.k, the worm that hit the Web on Monday, included a long diatribe that, among other things, promised that it was the author's last iteration, that he would release the source code for the worm, and finally, that Thursday would be "skynet day." The creator of Netsky has repeatedly referred to himself as "Skynet" or "Skynet AntiVirus."

Those comments led some security experts to warn of a possible new wave of attacks on Thursday.

While a broad-scale attack had yet to materialize Thursday, the Netsky.l and Netsky.m variants may well be the work of others who now have access to the original worm's source code, said Graham Cluley, senior technology consultant at security firm Sophos. This could portend a new round of attacks since "releasing the source code would make it easier for other people to create new versions," he said in a statement. "Unlike earlier variants, Netsky.l and Netsky.m contain no mention of 'Skynet,' do not try and disinfect the Bagle worm, and don't launch a verbal assault on Bagle's author," Cluley said. "These and other differences in the code lead us to suspect that they may have been written by a different person. One concern is that the author of the original Netsky worm may have kept his promise and released the source code."

If true, the creator of the first 11 Netsky worms kept his word to cease and desist, and/or pass the torch on to other hackers.

The new variants are ranked as relatively low-level threats at the moment. Symantec rated both as "2" on its 1-through-5 scale, while rival Network Associates tagged them as "low" in its alert-assessment system.

Editor's Choice
Samuel Greengard, Contributing Reporter
Cynthia Harvey, Freelance Journalist, InformationWeek
Carrie Pallardy, Contributing Reporter
John Edwards, Technology Journalist & Author
Astrid Gobardhan, Data Privacy Officer, VFS Global
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing