|
Friday Is D-Day for Computer Worm By Brian Krebs, washingtonpost.com
Staff Writer, Wednesday, February 1, 2006; 1:27 PM A computer worm that
infiltrated hundreds of thousands of PCs last month is expected to awaken
Friday, destroying documents and files on infected machines and networks,
Microsoft and computer security experts warn. The worm, variously named
"Nyxem.D," "MyWife.E," "Blackmal.E," and the
"Kama Sutra worm"
by different antivirus companies, is a ticking time bomb that on the third day of each month will seek out and delete a wide range of file types found on
infected Windows computers,
including any Adobe
PDF files and Microsoft Word, Excel and Powerpoint documents, among others. The worm, which began
appearing in e-mail inboxes around Jan. 17, arrives as an attachment disguised
as explicit photos. Microsoft Windows users who open the file will infect their
machines and cause the worm to spread. Microsoft advises
customers who believe their computers may be infected with this worm to scan
their PCs with up-to-date antivirus software or run a "protection
scan" at the company's Windows Live Safety Center Web site. Experts at the SANS
Internet Storm Center in Bethesda estimate that at least 300,000 computers
worldwide have been infected by the worm, with the majority of infections found on computers in India, Peru and Turkey. In the United States,
the infection affects at least 15,000 computers and possibly many more,
according to Joe Stewart, a senior researcher with Chicago-based security
company LURHQ Corp. "A few companies [may] get hit pretty hard, but probably home users are going to be the
hardest hit by this worm,"
Stewart said. Nyxem's destructive
payload is unusual because most modern computer worms are designed not to
cripple their hosts but to enslave them in various criminal enterprises such as
sending out junk e-mail and installing spyware. The code that powers
the worm, however, is not new. The original Nyxem worm surfaced in March 2004
and attempted to enlist infected computers in an online attack against the New
York Mercantile Exchange, whose Web site is www.nymex.com. The letters
"x" and "m" were transposed when the worm was christened
because antivirus vendors generally avoid giving a virus the name that its
creator may have intended. http://www.washingtonpost.com/wp-dyn/content/article/2006/02/01/AR2006020101324.html |
_______________________________________________ Futurework mailing list [email protected] http://fes.uwaterloo.ca/mailman/listinfo/futurework
