Security news
Security news10 March 2004
Has the Netsky source code been released? Were the Netsky-L and Netsky-M worms written by a new author? Sophos comments
 |
| The Netsky worms are named after the Skynet corporation from the movie The Terminator. |
Sophos researchers have warned computer users to be on their guard against the latest versions of the Netsky worm, W32/Netsky-L and W32/Netsky-M.
Like previous versions Netsky-L and Netsky-M travel via email in the form of an email attachment, but contain a number of differences which suggest they may have been written by a different author from the first 11 versions of the worm.
Text hidden inside W32/Netsky-K said that it would be "the last version" but warned that the source code would be "available soon". Releasing the source code would make it easier for other people to create new versions of the Netsky worm, such as W32/Netsky-L and W32/Netsky-M.
"Unlike earlier variants, Netsky-L and Netsky-M contain no mention of 'Skynet', do not try and disinfect the Bagle worm, and don't launch a verbal assault on Bagle's author," said Graham Cluley, senior technology consultant for Sophos. "These and other differences in the code lead us to suspect that they may have been written by a different person. One concern is that the author of the original Netsky worm may have kept his promise and released the source code."
Sophos recommends companies protect themselves with a consolidated solution which can defend businesses from the threats of both spam and viruses.
