A Look at Plexus
Commentary on a Potential Major Problem
It is generally true that if a virus family does not produce a variant that spreads quickly within its first five manifestations, it will be a proverbial damp squib. Obviously, this isn't foolproof, but many don't realize how often it isn't until a later variant that a virus truly takes off. The first incarnation of Netsky was a minor event which took several months to get even a single report on the industry-standard WildList. At first, it was believed to be confined for the most part to the labs of virus researchers. It wasn't until Netsky.B that the family took off - and did it ever.
What we have now is the first manifestation of a virus based on the successful MyDoom (which needs no introduction), going by the name of Plexus. There are a number of interesting things to note here, any one of which would probably have earned it a mention. The first is that the code is almost certainly based on MyDoom. Despite the recent rounding up of suspects in the Netsky case, the author(s) of MyDoom still remain at large. Could this be their latest incarnation? Perhaps. But that's definitely not the most interesting thing here.
The most interesting thing would probably be that mass-mailing isn't all Plexus can do. It also spreads via the LSASS vulnerability exploited by Sasser. It certainly isn't the first, second, or even twentieth virus to do this, but it is the first (as far as I know) to also include mass-mailing ability. This could be a potential headache if the worm were released in the wild, as it would allow the worm to spread through two major cesspools of the Internet world: users who open every attachment they receive, and users who never patch their systems. For users who still have not patched even that, the worm also makes use of the RPC vulnerability from the Blaster days.
Plexus also targets Kaspersky Antivirus, which the Register article makes sound like a big deal. Retroviral abilities in viruses are nothing new (in fact, they've been around since the '80s) and are considered nearly standard issue in today's mass-mailers. In fact, Plexus has a fairly simplistic mass-mailing capability for these days (Netsky has a huge number of message variations), although MyDoom only had a small handful of formats too. These days, it's a near impossibility to get an outbreak virus using just a single message; that more or less went out with the VBScript mass-mailers about three years ago.
Is Plexus a threat? Probably not the “A” version, although an outbreak is still a possibility for the next 24 hours or so, and a minor outbreak could remain a possibility for at least a week. But so far not much has been reported of it in the field. Of course, if it starts spreading rapidly or a new variant appears, it'll definitely be reported here.