From BBC News > Technology
http://news.bbc.co.uk/2/hi/technology/4661582.stm
Cover of Microsoft Office, Microsoft
Many file types from Microsoft Office are targeted by Nyxem
PC users have been urged to scan their computers before 3 February to
avoid falling victim to a destructive virus.
On that date the Nyxem virus is set to delete Word, Powerpoint, Excel
and Acrobat files on infected machines.
Nyxem is thought to have caught out many people by promising porn to
those who open the attachments on e-mail messages carrying the virus.
Anti-virus companies have stopped lots of copies, suggesting it had
infected a large number of computers.
Porn peril
The Nyxem-E Windows virus first emerged on 16 January and has been
steadily racking up victims ever since. Nyxem-E is also known as the
Blackmal, MyWife, Kama Sutra, Grew and CME-24 virus.
Helpfully, the virus reports every fresh infection back to an associated
website which displays the total via a counter. Late last week the
counter was reporting millions of infections, but detective work by
security firm Lurhq found that many of these reports were bogus.
SAMPLE SUBJECT LINES
Fw: Funny :)
Fw: Picturs
*Hot Movie*
Fw: SeX.mpg
Re: Sex Video
Miss Lebanon 2006
School girl fantasies gone bad
However, Lurhq reported that more than 300,000 machines are known to
have fallen victim to Nyxem-E.
Like many recent viruses, Nyxem tries to spread by making people open
attachments on e-mail messages that are infected with the destructive code.
The subject lines and body text of the various messages Nyxem uses vary,
but many falsely claim that pornographic videos and pictures are in the
attachments.
On infected machines the virus raids address books to find e-mail
addresses to send itself to.
The virus also tries to spread by searching for machines on the same
local network as any computer it has compromised.
Unlike many recent viruses Nyxem is set to overwrite 11 different types
of file on infected machines on the third of every month. The list of
files to be over-written includes the most widely used sorts of formats.
NYXEM FILE TARGETS
DMP - Oracle files
DOC - Word document
MDB - Microsoft Access
MDE - Microsoft Access/Office
PDF - Adobe Acrobat
PPS - PowerPoint slideshow
PPT - PowerPoint
PSD - Photoshop
RAR - Compressed archive
XLS - Excel spreadsheet
ZIP - Compressed file
Separately, the virus also tries to disable anti-virus software to stop
it updating and can also disable the mouse and keyboard on infected
machines.
Users were being urged to update anti-virus software and to scan their
system to ensure they had not been caught out. Many anti-virus firms
have also produced tools that help clean up infected systems.
Jason Steer, technical consultant at mail filtering firm Ironport, said
Nyxem was a throwback to the types of viruses that used to circulate in
the early days of computer networks.
"If you go back 10-15 years ago viruses tended to quite malicious," he
said. "They were going to re-format your hard disk, delete files and so on."
Pete Simpson, threat lab manager at security firm Clearswift, said:
"It's a bit puzzling because script kiddies have largely left the scene.
"It shows a certain intelligence in its design but what's the motive?"
he asked, "Pure vandalism does not ring true these days."
Both Mr Steer and Mr Simpson feared that home users would be hardest hit
by Nyxem on 3 February.
Most businesses, they said, now have regularly updated anti-virus
systems in place and disinfect e-mail traffic before it reaches users'
desktops.
By contrast many home users did not regularly patch Windows, update
anti-virus or perform full system scans to ensure their machine stays
clean. Users were also encouraged to make regular back-ups of any files
they want to preserve.
--
Adi D. Jayanto
"small chance could move the world"
http://electrohide.sharewith.us
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/mailplus/
<*> To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
