After a long time, another Netsky makes it to TrendLabs’ noteworthy list and its routines are nostalgic throwbacks to the days when the egos and juvenile war-mongering of malware authors are AV’s worst enemies. Faithful to its roots, WORM_NETSKY.CA, continues the war with WORM_MYDOOM and WORM_BAGLE by deleting registries related to them.
This mass-mailing worm appears to extend effort to ride the current trend of attacking specific segments. It speaks Portugese as seen in the subject and body of its spammed email messages, which spout such poetry as follows:
â?¢ Conta Fechada
â?¢ Conta regularizada veja aqui!!
â?¢ Lamento sabe!
â?¢ Leia rapido o arquivo!!!!
â?¢ Nao sei o que eh isso me diga! Tabela d…
â?¢ Nossas contas veja detalhe
This variant is probably just Netsky’s little ‘Ola!’ to the world. The ego torch it carries for the bygone bot wars is just not profitable enough to fit the show-me-the-money anthem of today’s threats.