'Netsky' variant belongs to Baba family

A worm by any other name still isn't a treat...

By Dan Ilett, 25 October 2004 09:20

Antivirus companies have mislabelled a worm they thought belonged to the Netsky virus family, a security expert has said.

Graham Cluley, senior technical consultant at Sophos, said that antivirus firms should have labelled the virus as a 'W32/Baba' worm. But, he added, after F-Secure categorised the worm as a Netsky variant, many other antivirus companies followed its lead.

"The guys in the labs have looked more closely at this and said that this isn't Netsky," Cluley said. "Kaspersky has also found the same thing. It's actually called Baba. As far as we can see, it bears no relation to Netsky."

F-Secure swiftly made a turnaround on its decision and re-labelled the worm as Baba.

F-Secure's director of antivirus research Mikko Hyppönen said: "I think [Cluley] is right. It is complex because there are several families. It's becoming a bit academic. Later on we saw that it was something else. But the bottom line is that it's a mass-mailer."

Cluley said that even though the virus was a Baba variant, it looked as if it was still connected to a South Korean university.

At the time of writing, Symantec still had the virus labelled as Netsky.

Reports stated that the original Netsky author Sven Jaschan was responsible for more than 70 percent of virus infections earlier this year. Jaschan, who was arrested in May, was recently offered a job by German firewall company Securepoint.

Dan Ilett writes for ZDNet UK.
