A Deeper look at Nyxem



First, I should raise a warning on this one: this virus is supposed to overwrite all accessible document files (network shares too) on the 3rd of the month, so on February 3rd we may be seeing some problems. Don’t wait until then to make sure you have current antivirus definitions. The Nyxem virus does something else interesting, though.

According to incidents.org


Call it a matter of trust…..

The most interesting part, which I haven’t seen in other analyses of the worm, says:

“Additional Registry Changes

The virus is coded to register the dropped ActiveX control through changes to the system registry. By creating the following registry entries, the control is considered “safe” and digitally signed.”
The threat of worms like this will make them much more dangerous in the future. If a worm puts a fake CA certificate on an infected machine, MITM attacks become extremely easy. Of course, we all know that once the machine is infected you can’t trust it, but this looks like another (big) problem for the average user out there.

So basically it manipulates the registry so that the ActiveX control it brings in is marked as safe and digitally signed, meaning that a very subtle virus (maybe run through a web vulnerability?) could really wreak some havoc on what’s “trusted” by the system.
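
The registry entries themselves are not reproduced in this post. The following added example (not code from this post or from incidents.org) assumes the standard COM way of marking a control safe, the "Implemented Categories" safe-for-scripting and safe-for-initializing keys, and lists every control in a `reg export` of `HKEY_CLASSES_ROOT\CLSID` that carries those marks along with the binary it loads. `SAMPLE_EXPORT` and its CLSIDs and paths are constructed for illustration.

```python
import re

# Standard COM component category IDs a control registers to declare itself safe.
SAFE_CATEGORIES = {
    "7DD95801-9882-11CF-9FA9-00AA006C08C4": "safe-for-scripting",
    "7DD95802-9882-11CF-9FA9-00AA006C08C4": "safe-for-initializing",
}
KEY_RE = re.compile(
    r"^\[HKEY_CLASSES_ROOT\\CLSID\\\{([0-9A-F-]{36})\}(?:\\(.+))?\]$", re.I)
DEFAULT_RE = re.compile(r'^@="(.*)"$')

# Constructed sample in .reg export format (not taken from an infected host).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{AAAAAAAA-0000-0000-0000-000000000001}]
@="Constructed control A"

[HKEY_CLASSES_ROOT\CLSID\{AAAAAAAA-0000-0000-0000-000000000001}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C08C4}]
[HKEY_CLASSES_ROOT\CLSID\{AAAAAAAA-0000-0000-0000-000000000001}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C08C4}]

[HKEY_CLASSES_ROOT\CLSID\{AAAAAAAA-0000-0000-0000-000000000001}\InprocServer32]
@="C:\\WINDOWS\\system32\\example_a.ocx"

[HKEY_CLASSES_ROOT\CLSID\{BBBBBBBB-0000-0000-0000-000000000002}\InprocServer32]
@="C:\\Program Files\\Example\\b.dll"
"""

def audit_safe_controls(reg_text):
    """Return {clsid: {"marks": [...], "server": path}} for controls marked safe."""
    controls, clsid, subkey = {}, None, ""
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            clsid, subkey = m.group(1).upper(), (m.group(2) or "")
            entry = controls.setdefault(clsid, {"marks": [], "server": None})
            cat = re.fullmatch(r"Implemented Categories\\\{(.+)\}", subkey, re.I)
            if cat and cat.group(1).upper() in SAFE_CATEGORIES:
                entry["marks"].append(SAFE_CATEGORIES[cat.group(1).upper()])
        elif line.startswith("["):
            clsid = None  # key outside CLSID: ignore the values under it
        elif clsid and subkey.lower() == "inprocserver32":
            v = DEFAULT_RE.match(line)
            if v:  # .reg files escape each backslash as two
                controls[clsid]["server"] = v.group(1).replace("\\\\", "\\")
    return {c: e for c, e in controls.items() if e["marks"]}

if __name__ == "__main__":
    print(audit_safe_controls(SAMPLE_EXPORT))
```

A real export is UTF-16 and must be decoded before it is passed in, and a default value stored as REG_EXPAND_SZ (exported in `hex(2):` form) is reported with `server` left as `None`. Treat the output as a list of binaries whose Authenticode signature should be checked on disk, for example with `Get-AuthenticodeSignature`, since the registry marks alone prove nothing.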
