New Netsky worm linked to South Korea

Mikko Hypponen, director of antivirus research at European antivirus company F-Secure, said the latest variant contains two hidden strings: "SoonChunHyang" and "Bucheon."

"There's a university called Soonchunhyang in the city of Bucheon, South Korea. So I guess this variant has something to do with South Korea," Hypponen said.

The original Netsky was written by Sven Jaschan, who was allegedly responsible for 70 percent of all virus infections in the first half of this year, according to antivirus company Sophos.

Jaschan was taken into custody in May by German police, who said he had admitted programming both the Netsky and Sasser worms. During the five months preceding his arrest, there were at least 25 variants of Netsky and one of Sasser, a port-scanning network worm.

Shortly before his arrest, Jaschan said he had distributed the worm's source code, which could allow any number of people to develop their own versions of the worm.

At the time, Hypponen said that if the source code were published, it would be very popular. "The source code from Netsky is hot stuff, because the worm has been so successful," Hypponen said in March.

Since Jaschan's arrest, at least 20 other variants of Netsky have been found.

Hypponen believes that all the recent Netsky variants have been created by copycats.

"As the author of the original Netsky family is out of business, these recent Netskys all seem to be hacks made by third parties," Hypponen said.

Munir Kotadia of ZDNet Australia reported from Sydney.