What's Behind the Email Malware Flood?

Written by Eric Olsen
Published March 02, 2004

Netsky.c also had the unusual characteristic of checking for evidence of an existing MyDoom or Netsky infection before attempting to deactivate MyDoom.a, MyDoom.b, Netsky.a and Netsky.b. Embedded in Netsky.c's code were indications that rival groups of malware authors are battling for attention, or at least for malware 'mind share'.

6. Who is writing all the variants we are presently witnessing?

A tsunami of variants is being released in a short space of time; this is historically unprecedented, and it is too early to answer the question. The number and frequency of the variants suggest that dedicated resources are being applied to achieve a specific objective. It is also highly unusual that so many Bagle variants have appeared in such a short period. It may be that the Bagle authors are iteratively refining a 'work in progress' to keep it ahead of the anti-virus vendors' detection. That is the only plausible explanation for why Bagle.f and Bagle.g are virtually indistinguishable and both expire on the same date in late March.

7. Is the current tidal wave simply a revival of intellectual challenge seekers spurred on by the work of organised crime malware authors? If this is the case, doesn't the confusion help organized crime?

There is a possibility that intellectual-challenge or bragging-rights seekers are simultaneously creating new variants. Either way, the net beneficiary is organised crime, since the number of compromised computers, or zombies, continues to increase. Those zombies can be used for a variety of malevolent or clandestine purposes, from launching spam campaigns and phishing scams to carrying out DDoS extortion and serving as file servers for illicit or pirated material.

mi2g Intelligence Unit preliminary data shows that Netsky.d has already caused between $405 million and $495 million in estimated damages worldwide. Taken together, the Netsky family has climbed to 8th rank in the Top 20 table of most damaging malware maintained by mi2g since 1995, with estimated economic damage between $7.1bn and $8.7bn worldwide. Netsky.d appeared to be particularly fast-spreading, with Europe showing the most infections, while Africa experienced the worst rate of infection, having a higher number of infections per PC. Australia has not featured at this stage, but the worst affected countries are primarily West European, followed by the US and Japan.

People, clean out your computers with a program like Spybot Search and Destroy, then don't open attached files from people you don't know. Since my address is so public, it is being spoofed viciously: if you get an email from me with an attachment, IT'S NOT FROM ME AND DON'T OPEN IT. I don't send attachments. Also, make sure you have the updated security patches from Microsoft if you use a Microsoft operating system.

Career media professional Eric Olsen is honored to be the founder and publisher of Blogcritics.org, which, quite frankly, rules - as do his wife and four children.

Comments

#1 — March 2, 2004 @ 11:53AM — Tom Johnson [URL]

It appears that Netsky's author is involved in a turf war with MyDoom and then another turf war with Bagle.

These are tiny, tiny people if they engage in "turf wars" over friggin' viruses. What sad, little people.
