News
[PSUs]| Monday 23rd January 2006 |
But Nyxem.E is spreading and spreading fast according to Finnish security company F-Secure. First spotted on Friday, the website used by the worm to count infections had tallied some 417,000 within the same day. On Monday, F-Secure's own logs showed more than half a million infections
|
|
|
ADVERTISEMENT |
|
F-Secure has now given the virus a Radar level 2 warning.
The worm is nothing out of the ordinary: it tempts recipients of infected emails into opening attachments with filenames such as *Hot Movie* and Miss Lebanon 2006.
Once run, the worm copies itself to the computer and makes an edit to the Registry to ensure it is run each time the system is started. It looks for running processes linked to antivirus software and turns them off and looks for email addresses and folders used for file-sharing which it can use to propagate itself.
But the most sinister aspect of Nyxem is that it is programmed to replace the content of files on an infected machine with a text string 'DATA Error [47 0F 94 93 F4 K5]' on the third day of each month. That means that half a million people or more could find their .doc, .xls, .mdb, .mde, .ppt, .pps, .zip, .rar, .pdf, .psd, and .dmp files turned to dust in a week or so.
Submit to: Digg | Slashdot | Del.icio.us | Technorati
