A Deeper look at Nyxem
First, a warning on this one: this virus is designed to overwrite all accessible document files (including those on network shares) on the 3rd of the month, so we may see some problems on February 3rd. Don’t wait until then to make sure your antivirus definitions are current. Nyxem does something else interesting, though.
Call it a matter of trust...
The most interesting part, which I haven’t seen in other analyses of the worm, reads:
“Additional Registry Changes
The virus is coded to register the dropped ActiveX control through changes to the system registry. By creating the following registry entries, the control is considered “safe” and digitally signed.”
This technique will make worms like this much more dangerous in the future. If a worm installs a fake CA certificate on an infected machine, MITM attacks become extremely easy. Of course, we all know that once a machine is infected you can’t trust it, but this looks like another (big) problem for the average user out there.
So basically it manipulates the registry so that the ActiveX control it brings along is marked as safe and digitally signed. That means a very subtle virus (perhaps delivered through a web vulnerability?) could really wreak havoc on what the system considers “trusted”.
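As an added example (my own audit script, not code from the original post or from any analysis of the worm), here is a PowerShell check that turns the point above into something you can run: it lists every ActiveX control registered as safe for scripting or initialization and reports whether the binary behind it actually carries a valid Authenticode signature. The two category GUIDs are Microsoft's documented component category IDs; the script assumes Windows PowerShell 5.1 or later run from an elevated prompt.

```powershell
# Added audit script, not from the original post. Assumes Windows PowerShell 5.1
# or later, run elevated so every CLSID key under HKCR is readable.
# Documented COM category IDs that mark a control "safe" for script/initialization:
$SafeCategories = @{
    '{7DD95801-9882-11CF-9FA9-00AA006C42C4}' = 'SafeForScripting'
    '{7DD95802-9882-11CF-9FA9-00AA006C42C4}' = 'SafeForInitializing'
}

function Get-SafeMarkedActiveX {
    # Walk every registered CLSID; report those carrying a "safe" category,
    # together with the Authenticode status of the binary that implements them.
    foreach ($clsid in Get-ChildItem 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue) {
        $base    = "Registry::$($clsid.Name)"
        $catPath = "$base\Implemented Categories"
        if (-not (Test-Path $catPath)) { continue }
        $cats = @(Get-ChildItem $catPath | ForEach-Object { $_.PSChildName.ToUpper() } |
                  Where-Object { $SafeCategories.ContainsKey($_) })
        if ($cats.Count -eq 0) { continue }

        # Resolve the DLL/EXE behind the control (default value of the server subkey).
        $server = $null
        foreach ($sub in 'InprocServer32', 'LocalServer32') {
            if (Test-Path "$base\$sub") { $server = (Get-ItemProperty "$base\$sub").'(default)'; break }
        }
        if (-not $server) { continue }
        # Strip quotes and expand %SystemRoot%-style references. LocalServer32 entries
        # may carry trailing arguments, which this simple cleanup does not remove.
        $path = [Environment]::ExpandEnvironmentVariables($server.Trim('"'))

        $status = 'FileMissing'; $signer = $null
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $sig    = Get-AuthenticodeSignature -LiteralPath $path
            $status = $sig.Status.ToString()
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
        [PSCustomObject]@{
            CLSID     = $clsid.PSChildName
            SafeFlags = ($cats | ForEach-Object { $SafeCategories[$_] }) -join ','
            Binary    = $path
            Signature = $status
            Signer    = $signer
        }
    }
}

# Anything marked "safe" whose binary is not validly signed, or which lives outside
# the Windows directory, deserves a closer look.
Get-SafeMarkedActiveX |
    Where-Object { $_.Signature -ne 'Valid' -or $_.Binary -notlike "$env:SystemRoot\*" } |
    Format-Table -AutoSize
```

A "safe" registry marking and a digital signature are independent things: the registry flag only tells the browser the control may be scripted, so a control that is flagged safe but whose file is unsigned or sits in a user-writable directory is exactly the pattern the quoted analysis describes.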