Conficker worm's copycat Neeris spreading over IM
The latest variant of Neeris which has been in the wild since 2005, is mimicking all of Conficker's spreading techniques, including the exploitation of MS08-067 and the AutoRun spreading tactic, but is continuing to propagate through its original method - sending links over MSN. With the Neeris copycat now in the game, what are the chances that it would steal some of Conficker's market share? Pretty pessimistic.
The Neeris author also attempted to launch the campaign beneath the radar with Microsoft's MMPC pointing out that the peak of the campaign took place on late March 31st and during April 1st, Conficker's largely overhyped update activation date. However, this tactic is not going to compensate for some of the obvious mistakes that the author made in the form of using bogus time stamps for the malware, and the use of easily spotted as malicious attachments (.exe;.scr) even by the average Internet user.
Copycats don't just share the same propagation/infection vectors, they also share the same mitigation ones.