Classic tech archive.
From the original averyjparker.com tech blog — historical context; pair with modern guides where noted.
Full archive · Maker projects ·
Network Ninja
Classic tip · Classic
A Deeper look at Nyxem
First I should raise an alarm of warning on this one, this virus is supposed to overwrite all accessible document files (network shares too) on the 3rd of the month, so February 3rd we may be seeing …
First I should raise an alarm of warning on this one, this virus is supposed to overwrite all accessible document files (network shares too) on the 3rd of the month, so February 3rd we may be seeing some problems. Don't wait until then to make sure you have current antivirus definitions. The Nyxem virus though does something else interesting.
According to incidents.org
Call it a matter of trust.....
The most interesting part, which I haven't seen in other analysis of the worm says:So basically it manipulates the registry such that the activex control it brings in is marked as safe and digitally signed. Meaning that a very subtle virus *(maybe run through a web vulnerability?) could really wreck some havoc to what's "trusted" by the system.
"Additional Registry Changes
The virus is coded to register the dropped ActiveX control through changes to the system registry. By creating the following registry entries, the control is considered "safe" and digitally signed." The threat of worms like this will make them much more dangerous in the future. If a worm puts a fake CA certificate on an infected machine, MITM attacks become extremely easy. Of course, we all know that once the machine is infected you can't trust it, but this looks like another (big) problem for the average user out there.