Lots of news following up on the Nyxem worm in the last few days. It’s currently going under a number of names; the Kama Sutra Worm and Blackworm are some of the more common ones. SANS has a page for information on the worm here. Microsoft has detailed manual removal instructions. The counter that logs the worm’s infections is close to 2 million. That last note might be taken with a grain of salt, as the counter is tracking all visits to the page, even those of curious security researchers. Why all the big fuss?
The big fuss is that on February 3rd this worm will wreak havoc on the document files of any machine that’s infected. The files would essentially be overwritten with a line of garbage, which would make recovery of the files extremely difficult if not impossible. Deleting a file is one thing: you just tell the operating system that it’s OK to reuse the space that the file uses. Writing OVER the file puts you at a bigger disadvantage for data recovery. So it’s important to get the word out to anyone who might not have current, working antivirus to make sure they get at least an online check.
For those with the misfortune of trying to keep track of virus names, here is a list of the different labels that are being tossed around for this one.
Avast! Win32:VB-CD [Wrm]
Command W32/Kapser.A@mm (exact)
Dr Web Win32.HLLM.Generic.391
F-Prot W32/Kapser.A@mm (exact)
Nod32 Win32/VB.NEI worm
Trend Micro WORM_GREW.A
It has also been given a Common Malware “name,” CME-24; more details on that are available at http://cme.mitre.org/