We here at F-Secure viruslab were surprised by the development where it appears that the group behind Netsky, "SkyNet antivirus Team from Russia", turned out to be one guy from Germany.
Let's go back and look at some of the texts embedded inside Netsky variants:
Netsky.J: We want to destroy malware writers business, including MyDoom & Bagle. This is the last version of our antivirus. The source code is available soon.
Netsky.N: Thanks to the S*k*y*N*e*t alias *N*e*t*S*k*y* crew for the sourcecode. We have rewritten *N*e*t*S*k*y.Our group will continue the war. We are greeting all russia people!
Netsky.Q: We are the only SkyNet, we don't have any criminal inspirations. and we aren't children. Best regeards, the SkyNet Antivirus Team, Russia 05:11 P.M
Netsky.R: Netsky is Skynet, a good software, Good guys behind it. Thanks To all people in cz and russia.
Netsky.S: Thanks to russia, and thanks to CCC for support. 09:34 A.M, Russia
So, if all Netsky variants really were coming from a single source, all the discussion about a "team" and the references to Russia and Czech were just left there as misdirection. Which is nothing new. However, in this case there was also other circumstantial evidence pointing towards several different authors.
Apparently the caught teenager is co-operating with the German police. Hopefully we will hear the full story behind the whole saga eventually.