New Netsky variant appears from Korea

Despite the incarceration of the original author new variants of the Netsky worm are still appearing, with the latest version seemingly coming from South Korea, according to experts
Written by Munir Kotadia, Contributor

Antivirus researchers have discovered a new version of the Netsky worm that contains text linking it to the SoonChunHyang University in Bucheon, South Korea.

Mikko Hyppönen, director of antivirus research at European antivirus firm F-Secure, said the latest variant contains two hidden strings: "SoonChunHyang" and "Bucheon".

"There's a University called SoonChunHyang in the city of Bucheon, South Korea. So I guess this variant has something to do with South Korea," Hyppönen said.

The original Netsky was written by Sven Jaschan, who was said to be responsible for 70 percent of all virus infections in the first half of this year, according to antivirus firm Sophos.

However Jaschan was taken into custody in May by the police in Germany who said that he had admitted programming both the Netsky and Sasser worms. During the five months preceding his arrest, there were at least 25 variants of Netsky and one of the port-scanning network worm Sasser.

Shortly before his arrest, Jaschan said he had distributed the worm's source code, which could allow any number of people to develop their own versions of the worm.

At the time, Hyppönen said that if the source code were to be published it would be very popular.

"The source code from Netsky is hot stuff because the worm has been so successful," Hyppönen said.

Since Jaschan’s arrest at least another 20 variants of Netsky have been found.

Hyppönen believes all the recent Netsky variants have been created by copycats.

"As the author of the original Netsky family is out of business, these recent Netskys all seem to be hacks made by third parties," Hyppönen said.

Munir Kotadia reported from Sydney for ZDNet Australia. For more ZDNet Australia stories, click here..

Editorial standards