The lull in December and early January has been replaced by an accelerating parade of Mydoom, Bagle and Netsky variants.
- 19 Jan W32/Bagle.A@MM (details from: NAI, Trend Micro, Symantec, Norman)
- 27 Jan W32/Mydoom.A (details from: NAI, Symantec, Norman, a href="http://www.sophos.com/virusinfo/analyses/w32mydooma.html">Sophos, F-Secure)
- 10 Feb W32/Doomjuice.A (details from: Trend Micro, NAI, F-Secure, Sophos)
- 14 Feb W32/Welchia.B (details from: Symantec)
- 16 Feb W32/Mydoom.E (details from: Sophos)
- 16 Feb W32/Netsky.A@MM (details from: NAI, Trend Micro, Symantec)
- 17 Feb W32/Bagle.B@MM (details from: NAI, F-Secure, Trend Micro)
- 18 Feb W32/Netsky.B@MM (details from: Sophos, Trend Micro, NAI, Symantec)
- 23 Feb W32/Mydoom.F@MM (details from: Symantec, NAI)
- 15 Mar W32/Bagle.O@MM (details from: Sophos, NAI)
- 15 Mar W32/Bagle.P@MM (details from: Trend Micro, NAI)
- 16 Mar W32/Netsky.D (details from: Norman)
- 18 Mar W32/Bagle.Q@MM (details from: Sophos, NAI, Trend Micro, Norman, F-Secure)
- 18 Mar W32/Bagle.R@MM (details from Sophos, NAI, Symantec, Norman)
- 22 Mar W32/Netsky.P@MM(details from: Sophos, NAI, Trend Micro, Symantec, Norman)
- 26 Mar W32/Bagle.U@MM (details from: Sophos, Symantec, NAI, Norman)
- 29 Mar W32/Netsky.Q@MM (details from: Sophos, NAI, Symantec)
Doomjuice was interesting because it dropped the source code for Mydoom.A - this appears to be to make prosecution of the author of Mydoom.A difficult. Both SCO and Microsoft have offered large rewards for information leading to the conviction of the Mydoom author. Before Doomjuice, presence of the Mydoom source code on a person's computer would have been damning evidence against them - who else would have the source code? Now, if the author is ever caught, he can claim Doomjuice framed him.