Finnish antivirus specialist F-Secure Corp said yesterday that comment text found in the latest version of Netsky claims that new programmers are behind it, after the previous author quit and then released the source code.
A message inside the latest Netsky.N worm indicates that a new person/group has acquired the source code of the worm and they are going to continue the war against Bagle and MyDoom authors, an F-Secure researcher wrote on the firm’s web site.
Bagle variants are now file-infectors, meaning they append themselves to other legitimate executables as a means to spread and continue running on infected machines. Previously, Bagle versions were only worms, spreading via email.
In addition, anti-virus firms now say Bagle’s latest variants are programmed to remove Netsky infections. Previously, it was only Netsky that cleaned infected machines of infections of Bagle and other worms.
If you believe the comment text, and there’s no reason to do so, Bagle and MyDoom are attempting to create botnets for the purposes of sending spam and denial-of-service attacks, while Netsky purports to be the antivirus remedy.
In the future we are most likely going to see new Netsky and Bagle variants regularly until people creating them give up or get arrested, F-Secure’s researcher concluded.
This article is based on material originally published by ComputerWire
