Print
Discuss
Send to friend
RSS feedsAntivirus firms are warning of a destructive Windows worm that will begin wiping files on infected PCs this Friday. 'Nyxem.e' has been spreading via infected emails and network shares.
On the third of each month the worm will activate 30 minutes after the computer is booted up and overwrite all files with the extensions DOC, XLS, MDB, MDE, PPT, PPS, ZIP, RAR, PDF, PSD and DMP. Corrupted files contain the text 'DATA Error [47 0F 94 93 F4 F5]'.
The emails containing the malware use a variety of social engineering hooks to get the recipient to activate the worm, predominantly of a sexual nature.
Email headers include 'School girl fantasies gone bad' and 'Fwd: Crazy illegal Sex!', while the attachment, a 95KB PE EXE file written in Visual Basic, is usually labelled 'photo.pif' or 'word_document.uu'.
"This worm is not new but it continues to spread and has a damaging payload. We want to urge all computer users to update their antivirus protection before the first trigger date on 3 February," said David Emm, senior technology consultant at Kaspersky Labs UK.
Nyxem.e also tries to deactivate antivirus software and can disable the mouse and keyboard of infected machines to make it harder to delete.
The worm was first discovered on 16 January and has been variously named Blackworm, MyWife, Kama Sutra, Grew and CME-24.
See also:
Flaw in Internet Security Systems products could allow worm to fill drives with junk data 22 Mar 2004
Promise of sexy photos will only give users a headache 03 Nov 2003
All Hacking
del.icio.us
Digg this
reddit!
