Virus writers never take a day off, and neither can you.
Go to the Virus Threat Center now to get daily security alerts
and updates that will help you keep your systems safe.


Munir Kotadia

Special to CNET

Antivirus researchers have discovered a new version of the Netsky worm that contains text linking it to a university in South Korea.

Mikko Hypponen, director of antivirus research at European antivirus company F-Secure, said the latest variant contains two hidden strings: “SoonChunHyang” and “Bucheon.”

“There’s a university called SoonChunHyang in the city of Bucheon, South Korea. So I guess this variant has something to do with South Korea,” Hypponen said.

The original Netsky was written by Sven Jaschan, who was said to be responsible for 70 percent of all virus infections in the first half of this year, according to antivirus company Sophos.

Jaschan was taken into custody in May by German police, who said that he had admitted programming both the Netsky and Sasser worms. During the five months preceding his arrest, there were at least 25 variants of Netsky and one of Sasser, a port-scanning network worm.

Shortly before his arrest, Jaschan said he had distributed the worm’s source code, which could allow any number of people to develop their own versions of the worm.

At the time, Hypponen said that if the source code were to be published, it would be very popular. “The source code from Netsky is hot stuff because the worm has been so successful,” Hypponen said in March.

Since Jaschan’s arrest, at least 20 other variants of Netsky have been found.

Hypponen believes all the recent Netsky variants have been created by copycats.

“As the author of the original Netsky family is out of business, these recent Netskys all seem to be hacks made by third parties,” Hypponen said.

Munir Kotadia of ZDNet Australia reported from Sydney.