When it rains it pours. Wednesday Feb 25th brought a new version of Netsky. Similar in operation to Netsky.B, but with a wider pool of message, subject line and attachment possibilities, W32/Netsky.C-mm jumped to a medium threat on Symantec, McAfee and Sophos charts, and to a full scale alert with TrendMicro by Thursday afternoon. Not as destructive as MyDoom.F, nor as prolific as Netsky.B (at the top of MessageLabs list this week), Netsky.C propagates through e-mail and file sharing services. Over the weekend, a new version, Netsky.D was reported. According to analysis by antivirus vendors, it is essentially identical to Netsky.C, though it has a shorter message, subject and attachment list, and doesnt spread through file-sharing. Symantec moved Netsky.D to a category 4 threat in the afternoon on Monday March 1. Monday also brought another version, Netsky.E, which also has shorter subject, message and attachment lists, and only spreads by e-mail.
Not wanting to be out done with version overload, a half dozen bagles hit the scene between Saturday Feb 28th and March 1st. W32/Bagle.C was the first, followed by Bagle versions D through H by Monday afternoon, and a version I on Tuesday morning. Appearing to be the work of the same author, the bagles were more similar than different, making it look like the culprit was trying different things and sending out revisions as he/she went along. See our Top threat for more info and details on how to beat these threats.