Like earlier editions of the worm, this pair's payloads are tucked inside file attachments to E-mail messages.
Netsky.k, the worm that hit the Web on Monday, included a long diatribe that, among other things, promised that it was the author's last iteration, that he would release the source code for the worm, and finally, that Thursday would be "skynet day." The creator of Netsky has repeatedly referred to himself as "Skynet" or "Skynet AntiVirus."
Those comments led some security experts to warn of a possible new wave of attacks on Thursday.
While a broad-scale attack had yet to materialize Thursday, the Netsky.l and Netsky.m variants may well be the work of others who now have access to the original worm's source code, said Graham Cluley, senior technology consultant at security firm Sophos. This could portend a new round of attacks since "releasing the source code would make it easier for other people to create new versions," he said in a statement. "Unlike earlier variants, Netsky.l and Netsky.m contain no mention of 'Skynet,' do not try and disinfect the Bagle worm, and don't launch a verbal assault on Bagle's author," Cluley said. "These and other differences in the code lead us to suspect that they may have been written by a different person. One concern is that the author of the original Netsky worm may have kept his promise and released the source code."
If true, the creator of the first 11 Netsky worms kept his word to cease and desist and/or pass the torch to other hackers.
The new variants are ranked as relatively low-level threats at the moment. Symantec rated both as "2" on its 1-through-5 scale, while rival Network Associates tagged them as "low" in its alert-assessment system.