Countdown for nasty Windows virus

[Guest c4evap]

NEWS FLASH

 

PC users have been urged to scan their computers before February 3rd. to avoid falling victim to a destructive virus.

 

On that date the Nyxem virus is set to delete Word, Powerpoint, Excel and Acrobat files (as well as others - see list below) on infected machines.

 

Nyxem is thought to have caught out many people by promising porn to those who open the attachments on e-mail messages carrying the virus.

 

Anti-virus companies have stopped lots of copies, suggesting it had infected a large number of computers.

 

Porn peril

 

The Nyxem-E Windows virus first emerged on 16 January and has been steadily racking up victims ever since. Nyxem-E is also known as the Blackmal, MyWife, Kama Sutra, Grew and CME-24 virus.

 

Helpfully, the virus reports every fresh infection back to an associated website which displays the total via a counter. Late last week the counter was reporting millions of infections, but detective work by security firm Lurhq found that many of these reports were bogus.

 

SAMPLE SUBJECT LINES

Fw: Funny : )

Fw: Picturs

*Hot Movie*

Fw: SeX.mpg

Re: Sex Video

Miss Lebanon 2006

School girl fantasies gone bad

 

However, Lurhq reported that more than 300,000 machines are known to have fallen victim to Nyxem-E.

 

Like many recent viruses, Nyxem tries to spread by making people open attachments on e-mail messages that are infected with the destructive code.

 

The subject lines and body text of the various messages Nyxem uses vary, but many falsely claim that pornographic videos and pictures are in the attachments.

 

On infected machines the virus raids address books to find e-mail addresses to send itself to.

 

The virus also tries to spread by searching for machines on the same local network as any computer it has compromised.

 

Unlike many recent viruses Nyxem is set to overwrite 11 different types of file on infected machines on the third of every month. The list of files to be over-written includes the most widely used sorts of formats.

 

NYXEM FILE TARGETS

DMP - Oracle files

DOC - Word document

MDB - Microsoft Access

MDE - Microsoft Access/Office

PDF - Adobe Acrobat

PPS - PowerPoint slideshow

PPT - PowerPoint

PSD - Photoshop

RAR - Compressed archive

XLS - Excel spreadsheet

ZIP - Compressed file

 

Separately, the virus also tries to disable anti-virus software to stop it updating and can also disable the mouse and keyboard on infected machines.

 

Users were being urged to update anti-virus software and to scan their system to ensure they had not been caught out. Many anti-virus firms have also produced tools that help clean up infected systems.

 

Jason Steer, technical consultant at mail filtering firm Ironport, said Nyxem was a throwback to the types of viruses that used to circulate in the early days of computer networks.

 

"If you go back 10-15 years ago viruses tended to quite malicious," he said. "They were going to re-format your hard disk, delete files and so on."

 

Pete Simpson, threat lab manager at security firm Clearswift, said: "It's a bit puzzling because script kiddies have largely left the scene.

 

"It shows a certain intelligence in its design but what's the motive?" he asked, "Pure vandalism does not ring true these days."

 

Both Mr Steer and Mr Simpson feared that home users would be hardest hit by Nyxem on 3 February.

 

Most businesses, they said, now have regularly updated anti-virus systems in place and disinfect e-mail traffic before it reaches users' desktops.

 

By contrast many home users did not regularly patch Windows, update anti-virus or perform full system scans to ensure their machine stays clean. Users were also encouraged to make regular back-ups of any files they want to preserve.

 

There you have it. Make sure you update your protection and watch those emails from strangers!

 

c4 B)

[Mav]

While I can't say for 100% fact, I still believe I'm clean. I never open email attachments from people I do not know, hell I don't even open emails from people I don't know (at least not without checking the header to see the from; url or to check for a spoof). Of the infected file types I've just got your typical winzip, winrar and ps installed. I've got Adobe Acrobat Reader or whatever it's called but thats just for the rare occasional viewing of pdf's, which of course I also scan when downloading.

 

I find it quite amusing it's main target(s) are Microsoft Office formats. While I have and do pirate some software packages, I never felt the need to get MS Office. I do feel sorry for the poor saps that paid the insane cost for it, that could be at a loss to this virus.

[StitchInTime]

Luckily, while I regularly seek out new life and civilizations, I never go looking for porn. If I see any suspicious-looking topics in email, I exterminate it, but my email has anti-spam features, etc., which usually catch this kind of trash anyway. And, I scan, scan, scan, with, and update, update, update, my anti-virus, anti-whatever protection software all the time. Because, as Jon Pertwee always said, there's nothing more disconcerting than coming home to find a yeti sitting on your loo. :cyclops:

[Guest c4evap]

:p hahahahahha...on the loo. :p

 

That's the most important thing...keeping your virus definitions up to date along with your spy-ware scanner software. I've found that my friends who only have dial-up are more susceptible because of the long download time for some of the updates...especially Windows updates. They get frustrated and stop the download figuring they'll complete it later. Well, they inevitably forget and..."baa-daa-bing"...virus.

 

EDIT: Here's an interesting web site I stumbled on: StopBadware.org

 

c4 B)

[bbbb]

Those virus makers need to get a life. They would cause so much damage just to satisfy their petty desires.

[StitchInTime]

That's the most important thing...keeping your virus definitions up to date along with your spy-ware scanner software. I've found that my friends who only have dial-up are more susceptible because of the long download time for some of the updates.

It is more of a pain to update if you have dialup, but losing your software or hard drive is a lot worse than having to wait a few minutes to get what you need to protect them.

[Guest c4evap]

Those virus makers need to get a life. They would cause so much damage just to satisfy their petty desires.

 

Well, the ones that take over someone elses computer aren't into petty things at all. A lot of this stuff comes from professional criminals - many in Russia. They "corral" a ton of computers and turn them into "bots" using them for mass email scams and extortion (IE: send us $100,000.00 or we will crash your system with a DOS [Denial Of Service] attack). They can make big bucks as "hi-jackers".

 

c4 :(

[S0V13T]

A lot of this stuff comes from professional criminals - many in Russia.

 

Hey! Just because I'm a professional criminal, and my family are all professional criminals ....

[ank329]

ouch, that does not sound like a pleasent virus. It would cause major damage to people in college dorms, wiping out papers, homework assignements etc...

[Guest c4evap]

A lot of this stuff comes from professional criminals - many in Russia.

 

Hey! Just because I'm a professional criminal, and my family are all professional criminals ....

 

 

Now, now, now S0V...never said that. Please don't put words in my mouth.

 

Never said you were a professional... :p

 

c4 :cyclops:

[bones2097]

hum.. whos gona admit they're infected?? :)

[TFMF]

hum.. whos gona admit they're infected?? :)

 

#We11' i'M c£rt@in1y n0t *iNF£cT£D|||

 

;)

[StitchInTime]

(IE: send us $100' date='000.00 or we will crash your system with a DOS [Denial Of Service'] attack). They can make big bucks as "hi-jackers".

I'm afraid I'd have to let it crash then, unless they accept Monopoly money. ;)

[anthonyisbad]

doesn't infect macs eh? :D

[Carlvsi]

I`ve seen a specialist about this virus.

 

He`s given me something for it.

 

What I can`t figure out is ...... :thinking:

 

where do you put the pills? :D

 

 

BTW Thanks for the heads up c4. Scan completed. All clear .... now!

[StitchInTime]

where do you put the pills? :D

In the pill expansion slot, of course, though I prefer the injectable vaccine myself. ;)

[kyran]

Those virus makers need to get a life. They would cause so much damage just to satisfy their petty desires.

 

most virus writers lately have all ended up with good well paid jobs

it only encourages more to do the same

this guy however seems more intent on causing harm

 

so lets hang him instead

 

[Hilander72]

T - 00:09:00 and counting...

 

It would be a disaster to loose everything that can't be d/l.

 

Inserting disk in drive A:

Saving files...

Ejecting disk from drive A:

 

Phew! Made it in time (2 min and a few sec to spare). :cyclops:

[StitchInTime]

Or, drive D:, as the case may be. :cyclops:

[meateater]

Another virus tailored to attack pornophiles? Like our lives aren't hard enough. At least most of us are smart enough to avoid suspecious emails... I hope...