Netsky.r, a close variant of the Netsky.q worm first found on Monday, arrives as an E-mail message with the heading "Document %number%," where %number% is a random number. If the attached .pif file is opened, the worm infects the machine, hijacks E-mail addresses from local address books to propagate, trash a variety of competing worms if found on the system-- including MyDoom.a, MyDoom.b, and multiple versions of Bagle--and during the days of April 12 through April 16, conducts denial-of-service attacks a number of peer-to-peer software Web sites.
Like Netsky.q, the newest variant targets file-sharing sites such as kazaa.com and emule-project.net.
Deep inside the worm's code, said several anti-virus firms, is text that takes Bagle to task yet again.
Most security firms rate Netsky.r as a relatively low risk. Symantec, for instance, ranked the worm as a "2" on its 1-through-5 scale, while Panda Software tagged it as a "moderate" threat.