New MyDoom Promises Doom For Antivirus Companies

Not even a well-known $250,000 bounty on their heads stops virus writers from writing. Certainly not the MyDoom authors, who have now reportedly let loose a new version with an embedded message promising to attack antivirus companies F-Secure, McAfee, Symantec, and Trend Micro.

"Lucky's Av's ;P~. Sasser author gets IT security job and we will work with Mydoom, P2P worms and exploit codes," said the message within the malady. "Also we will attack f-secure, symantec, trendmicro, mcafee, etc. The 11th of march is the skynet day lol. When the beagle and mydoom loose, we wanna stop our activity <== so Where is the Skynet now? lol."

The antivirus companies, however, seem somewhat uncertain of what to expect from that threat within MyDoom.AE. "It remains to be seen what they mean by threatening to attack us," said F-Secure antivirus research director Mikko Hypponen. "That might mean a denial-of-service attack. We've been a target before, but they haven't tried any recently."

Hypponen said MyDoom.AE also included a jab at Netsky mastermind Sven Jaschan for being caught and arrested. "Because Jaschan has been arrested," Hypponen said, "he is no longer a player in the virus war. And MyDoom wanted to highlight they had won the war."

MyDoom.AE has yet to wreak any major havoc since its weekend release.

MyDoom.AE alluded to its parent, and a new Bagle variant, Bagle.AG, is also reported to be on the loose. This one, F-Secure said, arrives in e-mails with "Price"- or "Joke"-related attachments carrying .exe, .cpl, .scr, or .com extensions. It contains a backdoor that can delete registry entries belonging to numerous security, antivirus, and other protection programs. It also harvests e-mail addresses from the infected computer's local disk and uses the infected host's SMTP connection to spread infections.
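
A mail gateway can hold messages that match the attachment traits F-Secure describes. The sketch below is an added example, not code from F-Secure or from the article. The function names, the sample message, and the choice to match "Price" and "Joke" as case-insensitive substrings are assumptions.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions and name themes as reported for Bagle.AG in the paragraph above.
RISKY_EXTENSIONS = {".exe", ".cpl", ".scr", ".com"}
NAME_THEMES = ("price", "joke")  # assumption: matched as case-insensitive substrings


def final_extension(filename: str) -> str:
    """Return the extension Windows would act on, e.g. 'Price.txt.SCR ' -> '.scr'."""
    # Windows drops trailing dots and spaces, so strip them before splitting.
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""


def flag_attachments(raw_message: bytes) -> list:
    """List attachments whose final extension is one of the reported types."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()  # Content-Disposition, then Content-Type name
        if not filename:
            continue
        ext = final_extension(filename)
        if ext in RISKY_EXTENSIONS:
            findings.append({
                "filename": filename,
                "extension": ext,
                # The theme only raises confidence; the extension alone is enough to hold.
                "theme_match": any(t in filename.lower() for t in NAME_THEMES),
            })
    return findings


def build_sample() -> bytes:
    """Constructed test message: one disguised executable name, one harmless PDF name."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("see attachment")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename="Price.txt.SCR")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="pdf", filename="price_list.pdf")
    return m.as_bytes()


if __name__ == "__main__":
    for hit in flag_attachments(build_sample()):
        print(hit)
```

Keying on the final extension rather than the name theme keeps an ordinary file such as `price_list.pdf` from being held while still catching double-extension names.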