Results 1 to 4 of 4

Thread: Netsky author signs off

  1. #1
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126

    Netsky author signs off

    The latest variant of the Netsky worm, which is the eleventh in less than a month, will be the last, according to a coded message from the worm's author.


    Netsky.K was discovered on Monday and security researchers found an unexpected message from the author within its code; although the authors of Netsky, Bagle and MyDoom have been engaged in a flame war for the past couple of weeks, this latest variant differs because it not only contains the usual insults to other virus writers, but also a message saying this would be the last Netsky variant.

    Although the Netsky worm has caused misery for users, it is not malicious in the same way as Bagle and MyDoom, which have been designed for the sole purpose of transforming unprotected PCs into an army of spam senders. Recent versions of Netsky have actually attacked and removed the Bagle worm and the author of Netsky refers to his team as "antivirus" writers.

    Mikko Hyppönen, director of antivirus research at Finnish company F-Secure, told ZDNet UK that the authors of Netsky are under the impression they are good guys because they attack other worms: "The guy behind Netsky thinks he is doing a good thing--most likely a teenager and probably just one guy who is not part of a group of criminals."

    In Netsky.K's code the author writes: "We want to destroy malware writers business [sic], including MyDoom & Bagle… To F-Secure and so on, we do not want damage systems… We have respect of your work (Your heuristic scan is not good enough! Make it better). This is the last version of our antivirus. The source code is available soon."

    Hyppönen said he expects the Netsky author to stick to his word and stop releasing new variants: "We have no reason to doubt it, so I would be surprised if it isn't true."

    A new version of the Bagle worm, Bagle.L, was discovered on Tuesday. According to antivirus firm Panda Software this worm contains a back door, which opens the TCP port 2745. Infected computers attempt to connect to an Internet address that hosts a PHP script. According to Panda, this is how the worm notifies its author that another computer has been infected.

    Hyppönen said the behavior of the latest Bagle worm is suspiciously similar to that of the original MyDoom worm, which so successfully launched a DDoS attack on the SCO.com Web site. He suspects that Bagle and MyDoom are written if not by the same person, then by the same team of coders: "This family of Trojans and have been used by spammers for several months. When MyDoom was distributed at the end of January, it left a back door.

    Through that back door they installed a specific Trojan and after a few days we started seeing spam being sent through those computers. The Bagle we found today drops the same Trojan. We are starting to think that it is the same group of people behind both Bagle and MyDoom," he said.
    Source : http://zdnet.com.com/2100-1105_2-5171743.html
    -Simon \"SDK\"

  2. #2
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Netsky.K was discovered on Monday and security researchers found an unexpected message from the author within its code; although the authors of Netsky, Bagle and MyDoom have been engaged in a flame war for the past couple of weeks, this latest variant differs because it not only contains the usual insults to other virus writers, but also a message saying this would be the last Netsky variant.

    .....

    In Netsky.K's code the author writes: "We want to destroy malware writers business [sic], including MyDoom & Bagle… To F-Secure and so on, we do not want damage systems… We have respect of your work (Your heuristic scan is not good enough! Make it better). This is the last version of our antivirus. The source code is available soon."

    ....

    Hyppönen said he expects the Netsky author to stick to his word and stop releasing new variants: "We have no reason to doubt it, so I would be surprised if it isn't true."
    Well, the author lied. There is now a .L varient...
    http://securityresponse.symantec.com...tsky.l@mm.html
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  3. #3
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Originally posted here by phishphreek80
    Well, the author lied. There is now a .L varient...

    Geeee, go figure, a virus writer that lies, what's this world coming to?

    Cheers:
    DjM

  4. #4
    Hehe. C programmers can be quite tricky ^_^

    But couldn't the variant have been made by another author?
    MySig != Worth your time

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •