SHERLOCK - The Codec Detective


NYXEM E - Mass Mailing Worm

Article By Marc Liron - Microsoft MVP (Digital Media)

Are You Protected From The Nyxem E Worm?

 
Windows users are being urged to scan their computers before 3rd February 2006 to avoid falling victim to a destructive Worm.

On that date the Nyxem E Worm is set to delete Word, PowerPoint, Excel and Acrobat files on infected machines!

Don't get caught out...
 

I Have Not Heard Of Nyxem E, What Is It?

The Nyxem E Worm first emerged on 16th January 2006 and has been steadily claiming victims' computers ever since!

When a user opens a Nyxem E email and opens the attachment, they become infected!

This is what is known about the worm:

# Attempts to turn off anti-virus applications protecting your system!

# This worm collects e-mail addresses from files with the following extensions found on your computer's hard drive:

.HTM
.HTML
.DBX
.EML
.MSG
.OFT
.NWS
.VCF
.MBX
.IMH
.TXT
.MSF

# Sends itself to any email addresses it found, so carrying on the cycle!

# Uses a subject line in the email similar to one of the following:

The Best Videoclip Ever
School girl fantasies gone bad
A Great Video
Fuckin Kama Sutra pics
Arab sex DSC-00465.jpg
give me a kiss
*Hot Movie*
Fw: Funny :)
Fwd: Photo
Fwd: image.jpg
Fw: Sexy
Re:
Fw:
Fw: Picturs
Fw: DSC-00465.jpg
Word file
eBook.pdf
the file
Part 1 of 6 Video clipe
You Must View This Videoclip!
Miss Lebanon 2006
Re: Sex Video
My photos

# The worm has a dangerous payload. If the day of the month is the 3rd (3rd of February, 3rd of March, etc.) it can delete files of the following types from the computer:

DMP - Oracle files
DOC - Word document
MDB - Microsoft Access
MDE - Microsoft Access/Office
PDF - Adobe Acrobat
PPS - PowerPoint slideshow
PPT - PowerPoint
PSD - Photoshop
RAR - Compressed archive
XLS - Excel spreadsheet
ZIP - Compressed file

# Forges the sender's email address so it looks like it came from them...

# Emails contain attachments that may be executable files or MIME files containing executable files.

Executable attachment filenames include the following:

007.pif
04.pif
677.pif
document.pif
DSC-00465.Pif
DSC-00465.pIf
eBook.PIF
image04.pif
New_Document_file.pif
photo.pif
School.pif

MIME attachment filenames include the following:

3.92315089702606E02.UUE
Attachments[001].B64
Attachments00.HQX
Attachments001.BHX
eBook.Uu
Original Message.B64
Sex.mim
SeX.mim
Video_part.mim
WinZip.BHX
Word_Document.hqx
Word_Document.uu


# Uses its own emailing engine so it does NOT need to use Outlook Express etc...

# Downloads code from the internet...

# Reduces a computer's overall security...

# Deletes entries from the Registry...

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
[HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices]

# Can disable the mouse and keyboard on infected machines...

# Spreads to network shares...
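
The subject lines and attachment filenames listed above can be turned into a simple mail triage check. The following is an added example, not part of the original article: the function name `triage`, the verdict labels, the sample message and the decision to match names case-insensitively (the list itself shows DSC-00465.Pif and DSC-00465.pIf) are assumptions.

```python
import email
import os
from email import policy

# Indicators copied from the lists in this article, lower-cased for matching.
NAMES = {"007.pif", "04.pif", "677.pif", "document.pif", "dsc-00465.pif", "ebook.pif",
         "image04.pif", "new_document_file.pif", "photo.pif", "school.pif",
         "3.92315089702606e02.uue", "attachments[001].b64", "attachments00.hqx",
         "attachments001.bhx", "ebook.uu", "original message.b64", "sex.mim",
         "video_part.mim", "winzip.bhx", "word_document.hqx", "word_document.uu"}
# Assumption: any attachment carrying one of the listed extensions deserves a look.
EXTS = {".pif", ".uue", ".b64", ".hqx", ".bhx", ".uu", ".mim"}
# Bare "Re:" and "Fw:" are left out (assumption: too common in legitimate mail).
SUBJECTS = {"the best videoclip ever", "school girl fantasies gone bad", "a great video",
            "fuckin kama sutra pics", "arab sex dsc-00465.jpg", "give me a kiss",
            "*hot movie*", "fw: funny :)", "fwd: photo", "fwd: image.jpg", "fw: sexy",
            "fw: picturs", "fw: dsc-00465.jpg", "word file", "ebook.pdf", "the file",
            "part 1 of 6 video clipe", "you must view this videoclip!",
            "miss lebanon 2006", "re: sex video", "my photos"}

def triage(raw: bytes):
    """Return (verdict, hits) for one RFC 822 message given as bytes."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    subject = str(msg["Subject"] or "").strip().lower()
    if subject in SUBJECTS:
        hits.append("subject:" + subject)
    for part in msg.walk():  # walk() also reaches attachments nested in sub-parts
        name = (part.get_filename() or "").strip().lower()
        if name in NAMES:
            hits.append("name:" + name)
        elif os.path.splitext(name)[1] in EXTS:
            hits.append("ext:" + name)
    kinds = {h.split(":", 1)[0] for h in hits}
    if "name" in kinds or {"subject", "ext"} <= kinds:
        return "block", hits  # listed filename, or listed subject plus listed extension
    return ("review" if kinds else "pass"), hits

# Constructed sample message (not a captured one).
SAMPLE = (b"From: friend@example.com\r\nTo: you@example.com\r\n"
          b"Subject: Fw: DSC-00465.jpg\r\nMIME-Version: 1.0\r\n"
          b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
          b"--b1\r\nContent-Type: text/plain\r\n\r\nhi\r\n"
          b"--b1\r\nContent-Type: application/octet-stream\r\n"
          b'Content-Disposition: attachment; filename="DSC-00465.PIF"\r\n'
          b"Content-Transfer-Encoding: base64\r\n\r\nAAAA\r\n--b1--\r\n")

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Because the worm forges the sender address, the check deliberately ignores the From header and relies only on the subject and attachment names.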
 

It is common practice for the various software vendors and agencies to name the same Worm/Virus differently!

Here is a list of the various names for this particular Worm:

CME-24, Win32.Blackmal.F [Computer Associates],
Email-Worm.Win32.Nyxem.e [F-Secure],
Email-Worm.Win32.Nyxem.e [Kaspersky],
W32/MyWife.d@MM [McAfee],
W32/MyWife.d@MM!M24 [McAfee],
W32/Small.KI@mm [Norman],
Tearec.A [Panda Software],
W32/Nyxem-D [Sophos],
WORM_GREW.{A, B} [Trend Micro]

 

Who Can Be Infected By Nyxem E?

PC users with the following operating systems installed are at potential risk of infection:

Windows XP Pro and Home
Windows Server 2003
Windows 2000
Windows 2000 Server
Windows NT
Windows 95
Windows 98
Windows Me

 

What Can I Do About Nyxem E?

 

1) NEVER open an attachment even if it looks like it is from a friend. If you did NOT ask for it, treat it with suspicion!

2) Make sure YOU have an antivirus package installed

...AND that it is up to date with all the current "virus definitions" available from the vendor!

If you do find out that you are already infected try one of the following Removal Tools:

http://www.symantec.com/avcenter/venc/data/w32.blackmal@mm.removal.tool.html
 

3) Let your friends and family know!

I hope you found this article on the Nyxem Worm helpful?

Kind Regards

Marc Liron
Microsoft Digital Media MVP

This page was last updated 29th January 2006
