A Deeper look at Nyxem



First, a warning on this one: this virus is supposed to overwrite all accessible document files (on network shares too) on the 3rd of the month, so on February 3rd we may see some problems. Don't wait until then to make sure you have current antivirus definitions. The Nyxem virus, though, does something else interesting.

According to incidents.org


Call it a matter of trust…..

The most interesting part, which I haven't seen in other analyses of the worm, says:

“Additional Registry Changes

The virus is coded to register the dropped ActiveX control through changes to the system registry. By creating the following registry entries, the control is considered “safe” and digitally signed.”
The threat of worms like this will make them much more dangerous in the future. If a worm puts a fake CA certificate on an infected machine, MITM attacks become extremely easy. Of course, we all know that once the machine is infected you can’t trust it, but this looks like another (big) problem for the average user out there.

So basically it manipulates the registry so that the ActiveX control it brings in is marked as safe and digitally signed. That means a very subtle virus (maybe one run through a web vulnerability?) could really wreak havoc on what the system considers "trusted".
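One way to check a Windows box for exactly this kind of tampering is to list every COM/ActiveX control that declares itself "safe" in the registry and then verify the actual Authenticode signature of its binary rather than trusting any registry claim. The script below is an added example written for this post, not code from the original post or from any worm analysis; it assumes the two documented Internet Explorer safety category IDs and that it runs from an elevated PowerShell prompt.

```powershell
# Added example (not from the original post): audit which COM/ActiveX controls
# are registered as "safe" and whether their backing DLLs carry a valid
# Authenticode signature. Run from an elevated PowerShell prompt on Windows.
#
# These two category IDs are the documented IE component categories. A control
# lists them under HKCR\CLSID\{clsid}\Implemented Categories\ to declare itself safe.
$SafeCatIds = @{
    '{7DD95801-9882-11CF-9FA9-00AA006C42C4}' = 'SafeForScripting'
    '{7DD95802-9882-11CF-9FA9-00AA006C42C4}' = 'SafeForInitializing'
}

function Get-SafeMarkedControls {
    # HKCR is a merged view of HKLM and HKCU Software\Classes, so both are covered.
    Get-ChildItem -Path 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $clsidKey = $_
            $catPath  = Join-Path $clsidKey.PSPath 'Implemented Categories'
            if (-not (Test-Path $catPath)) { return }

            # Which of the two "safe" categories does this control claim?
            $marked = Get-ChildItem -Path $catPath -ErrorAction SilentlyContinue |
                Where-Object { $SafeCatIds.ContainsKey($_.PSChildName) } |
                ForEach-Object { $SafeCatIds[$_.PSChildName] }
            if (-not $marked) { return }

            # The default value of InprocServer32 holds the path to the control's DLL.
            $server = Get-ItemProperty -Path (Join-Path $clsidKey.PSPath 'InprocServer32') -ErrorAction SilentlyContinue
            $dll = if ($server) { [Environment]::ExpandEnvironmentVariables($server.'(default)') } else { $null }

            # Check the real signature on disk; a registry entry cannot make a file signed.
            $sigStatus = if ($dll -and (Test-Path $dll)) {
                (Get-AuthenticodeSignature -FilePath $dll).Status
            } else { 'FileMissing' }

            [pscustomobject]@{
                CLSID     = $clsidKey.PSChildName
                Name      = (Get-ItemProperty -Path $clsidKey.PSPath -ErrorAction SilentlyContinue).'(default)'
                SafeFlags = ($marked -join ',')
                Server    = $dll
                Signature = $sigStatus
            }
        }
}

# Report controls marked safe whose binary is unsigned, has a broken signature, or is missing.
Get-SafeMarkedControls | Where-Object { $_.Signature -ne 'Valid' } | Format-Table -AutoSize
```

Anything listed as SafeForScripting with a Signature other than Valid deserves a closer look, since a legitimately installed control normally ships a signed DLL.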
