Lot’s of news following up on the Nyxem worm in the last few days. It’s currently going under a number of names, the Kama Sutra Worm, Blackworm are some of the more common names. Sans has a page for information on the worm here. Microsoft has detailed manual removal instructions. The counter that logs the worms infections, is close to 2 million. That last note might be taken with a grain of salt, as the counter is tracking all visits to the page, even curious security researchers. Why all the big fuss?
The big fuss is that on February 3rd this worm will wreak havoc on the document files of any machine that’s infected. The files would essentially be overwritten with a line of garbage. This would make recovery of the files extremely difficult if not impossible. Deleting a file is one thing, you just tell the operating system that it’s ok to re-use the space that the file uses, writing OVER the file puts you at a bigger disadvantage for data recovery. So, it’s important to get the word out to anyone that might not have current working antivirus to make sure they get at least an online check.
For those with the misfortune of trying to keep track of virus names, here is a list of the different labels that are being tossed around for this one.
Avast! Win32:VB-CD [Wrm]
Command W32/Kapser.A@mm (exact)
Dr Web Win32.HLLM.Generic.391
F-Prot W32/Kapser.A@mm (exact)
Nod32 Win32/VB.NEI worm
Trend Micro WORM_GREW.A
It has been given a Common Malware “name”…. CME-24, more details on that available at http://cme.mitre.org/
Related PostsRelated Posts
- New mass mailing virus F-secure has information on a fairly aggressive new email virus. Their name for it is VB.bi although it's aliases are.... W32.Blackmal.E@mm, WORM_GREW.A, W32/Nyxem-D, Email-Worm.Win32.VB.bi depending on which AV vendor you check with. It's a worm as well, in that it tries to spread through remote shares. It attempts to disable......
- IM worm acts as a come on to a Santa Claus site According to Information Week, there's a new IM worm out hitting the MSN, ICQ, Yahoo and AIM networks. It poses as a come on for a Santa Claus site. On visiting the site, users receive an unexpected "present" a rootkit which is hidden. IMlogic said that the worm, dubbed "M.GiftCom.All,"......
- Sending Virus or Spam Abuse reports It occured to me that I may not have brought things to a neat conclusion on the post earlier about tracking email header data. I did make reference to sending an abuse report. Here's an attempt to clear up a few things that might still be fuzzy. 1) usually the......
- Fun Facts about Winter December 22 is the first day of winter for all the folks in the Northern Hemisphere! The sun is the furthest away from the equator, shining directly over the Tropic of Capricorn (Alice Springs, Australia and Sao Paulo, Brazil are just a couple of cities along the Tropic of......
- Virus Writers Are Cowardly, Unimaginative Hacks Okay, listen up you pimply little cellar dwarfs. You think you're so smart living rent-free in your Mommy's basement writing your little computer viruses and worms? Well, creating a trojan is as close as you'll ever come to actually using something called a Trojan. And you're not so smart. You're......
- Catching More Fish with Worms Fishing with worms can be really lucrative, and can drive excellent results but only if you follow some basic techniques and utilize some of the best fishing tips. Worms can be either live worms or synthetic worms, but you should shy away from the plastic worms that bass fishermen seem......
- New mass mailing virus
- Nyxem.E virus delete files payload
- How festive – the dasher worm…
- A Deeper look at Nyxem
- Esbot and Zotob updates….