OT: Virus threat for 02/03/06

[DLK150]

I don't know how serious a threat this is, but felt awareness is a good thing regardless. Evidently this one has hit 300,000 computers already.

Nyxem.E goes live Feb 3

p2p news / p2pnet: The Nyxem.E mass-mailing worm is slated to attack on February 3, based on the clock of the infected machine. And that means depending on what's happening with your computer's time arrangements, it could strike at any time.


And that's what's happening.

When Nyxem.E goes live, it'll overwrite all DOC/XLS/PPT/ZIP/RAR/PDF/MDB files, says F-Secure's Mikko Hyppönen, going on:


"This is nasty, as this is done on all mounted drives, ie. any drive that has a drive letter. So it might affect your USB thumb drives, external hard drives and network drives!

"Also, if you're taking daily automatic backups you might end up backing up the corrupted files over good files.


Meanwhile, F-Secue is already receiving reports from users who've had files on their system overwritten by Nyxem.E, it says.

"The number of machines that have been infected by this worm is over 300,000. Many of those have been disinfected already, though. But thousands of computers will get their files overwritten on February 3rd - most of them in India, Turkey and Peru.


"This worm family has been around since March 2004. The worm is named "Nyxem" because the original Nyxem.A variant launched a DDoS attack against the New York Mercantile Exchange website (www.nymex.com).

"We don't know why."

F-Secure has a disinfectant free tool available for free. Go here for a download.

http://p2pnet.net/story/7786

This site has other information regarding it.

http://www.f-secure.com/weblog/#00000797

This site has detailed information on the virus.

http://www.viruslist.com/en/viruses/encyclopedia?virusid=109064

 

[Cajuncowboy]

How can you tell if your PC has it before the 3rd?

 

[The Fonz]

thanks dlk i heard something about new virus too .but to tell u the truth i have never cared about having viruses or not ( i think those anti virus companies have something to do with those viruses or they will be out of bussines) I never opened an email from someone i don't personally know and even i always scan it if attachment happend to be there..if alittle virus hide here or there let it be ....formatting my disk once n a while will fix it all

 

[DLK150]

How can you tell if your PC has it before the 3rd?

The best bet would be to run any antivirus or spyware programs I would imagine. I found another article on it that says this is incarnation is the "Kama Sutra" virus, and is identifiable by emails with a subject line offering dirty pictures, so for most people it shouldn't be a problem.

This article is from CNN.

ATLANTA, Georgia (CNN) -- "There are a lot of people who are going to be very unhappy on the third of February," said Professor Merrick Furst from the Georgia Tech College of Computing.

That's when the Kama Sutra computer worm will begin destroying critical files on infected computers. And hundreds of thousands of machines may have the worm lurking within their Windows operating system, ready to be unleashed on February 3 and the third of every month thereafter.

Experts say Windows Office documents, Word documents, Excel spread sheets, and PDFs (portable document format) are among the files that will be "overwritten." That means the data will be changed and corrupted, and the original information will no longer be accessible.

While files that have simply been deleted can sometimes be recovered; overwritten files are usually lost for good.

This malicious software entices computer users with promises of sexy pictures, with e-mail subject lines ranging from "School girl fantasies gone bad" to "Hot Movie" to "Crazy illegal Sex!" and "Kama Sutra pics." (Watch how the worm seduces PC users -- 1:36)

This worm is described as "old fashioned" in several ways.

First, it relies on the oldest trick in the book, a computer user's desire to see nasty pictures, to get them to take an action.

"With the Kama Sutra worm, this is a traditional style worm, meaning that it takes user interaction in order to become infected; someone has to double click on a file attachment, and then it does some type of malicious behavior, such as, in this case destroying a folder or a file," said Alain Sergile, a security expert at Internet Security Systems (ISS) in Atlanta.

Because the worm's destructive payload is delayed until the third of the month, many users may have infected their machines, but because neither dirty pictures nor computer problems resulted, simply forgotten that they ever clicked on the attachment.

The worm, which also goes by the names Blackworm, Blackmal, and Nyxem, has been spreading since January 16. It is capable of infecting Windows XP, Windows 2000, Windows 98 and Windows ME operating systems.

"This is a really damaging worm. This is not one of those worms that is interested in having access to your machine for purposes later on. This worm will really damage your machine," Georgia Tech's Furst said.

Furst says the worm has spread to a lot of military addresses on the Internet (.mil), but mostly to ISPs (Internet Service Providers), meaning most of those infected are probably home users.

The computer security company LURHQ reports more than 600,000 machines around the world have been infected.

With a little time before the third of the month trigger, most Windows users still have the ability to cleanse their computer of Kama Sutra before any information is destroyed.

Some antivirus software can eliminate the virus. Users should make sure their antivirus and antispyware software is up to date and to scan their computers for malicious programs that may have been surreptitiously installed on their machines.

However, not all antivirus programs are effective. Problems running antivirus software may be one sign your computer has been infected. Joe Stewart of LURHQ says like many recent worms, Kama Sutra attempts to disable antivirus software when it is attacking a machine.

And even for home computer users who have never taken such precautions before, security experts say now would be a good time to back up your most important data, like financial information and family photographs, to CDs, DVDs, zip drives, or an external hard drive that you know is worm and virus free.

Unlike a lot of malware that exploits vulnerabilities in the Windows operating system, there is no "patch" that can be downloaded to ward off Kama Sutra.

"This is something that is not inherent in the operating system," Sergile said.

"Unfortunately, there is no way to patch user ignorance, and the way this virus propagates is through user ignorance," he said.

Sergile also says home users need to be aggressive about questioning e-mail messages and attachments, even if it appears they are coming from colleagues, friends, or relatives. Many e-mail viruses spread by forwarding themselves to everyone in a user's e-mail address book.

"So while you might think it is coming from cousin Alice, most likely cousin Alice is not going to send you something that says 'Hey look at these pictures with naked people.' So that should be your first clue that a virus is propagating and you'd be well served to call cousin Alice to let her know that she is [unknowingly] sending out this type of e-mail," Sergile said.

http://www.cnn.com/2006/TECH/internet/01/31/kamasutraworm/index.html

 

[Echo9]

This is one of those days that it good to own a Mac.

 

[Nors]

Don't open E-mails or attachments from strangers - ever.

Be careful as most of these attacks come hidden in what you think is a friendly E-mail.

 

[ThreeSportStar80]

This is one of those days that it good to own a Mac.

Man you're so right because hackers don't fool with MAC's simply because IBM based PC's are more common.

 

[GTaylor]

How can you tell if your PC has it before the 3rd?

Stop looking at dirty pictures Seriously, according to McAfee the virus will attempt to go into each folder: * \Documents and Settings\ * \Documents and Settings\%USERS%\My Documents\ * \Program Files\ * \RECYCLER\ * \System Volume Information\ and attempt to install (In each directory): # desktop.ini # Temp.Htt # WinZip_Tmp.exe (Copy of worm) If you don't have the following files chances are you're okay, but to be safe I'd update anti-virus and run a scan.