One new variant of Netsky, two of Mydoom and four of Bagle emerge in a 24 hour time period

3 March 2004

Within a 24 hour time period on 2-3 March 2004 the following viruses started spreading:

It is clear that the unprecedented propagation of new virus variants witnessed on 2-3 March 2004 is the result of a war of viruses. The writers of Netsky, Bagle, and Mydoom have been competing in the release of new variants of their respective viruses, some of which are programmed to deactivate or delete their competitors.

In addition to this, a number of these new variants have statements and insults directed at the writers of competing viruses hidden in their code.

This barrage of new variants has been unusual in its speed. It normally takes virus writers a few days, or even weeks, to release new variants. However, these variants have all started spreading quickly after antivirus companies have released new virus signature files to counter previous versions. This is clearly an attempt to keep ahead of the antivirus companies in order to gain as wide spread a distribution as possible.

However, as seen by the number of variants it has been necessary for the virus writers to release in this pursuit, their success has been limited. FRISK Software's virus researchers have been working around the clock to provide our customers with effective and up-to-date virus signature files as quickly as possible, constantly keeping up with the virus writers and responding to each new outbreak immediately. FRISK Software provides the users of F-Prot Antivirus with one of the most reliable and effective defenses available against all of these threats.

Threat description

All of these variants are mass-mailers that spread via e-mails sent using their own SMTP engines to addresses harvested from infected computers' hard drives. They all arrive as executables attached to these e-mails. As well as arriving as plain executables, these worms arrive in ZIP archives that are sometimes encrypted or password protected.

Recommended Reactions

Users are advised to update their virus signature files and make sure they have the latest versions of F-Prot Antivirus installed on their computers.

After updating the virus signature files, users should scan their whole system with the F-Prot Antivirus OnDemand scanner to ensure that their computer security was not compromised before the virus signature files were updated.

For more information on this worm and disinfection please visit our virus information section.

Threat Detection

The latest versions of F-Prot Antivirus detect all of the above variants using virus signature files dated 3 March 2004 or later.

Commtouch® is a leading developer of anti virus software and anti spam filtering services. Commtouch's anti virus computer software, F-PROT Antivirus, is available for a number of operating systems such as Windows, Linux, BSD, Solaris, and AIX as well as the Microsoft Exchange groupware.

1993-2013 © CYREN