Pages

Thursday, 31 January 2008

Nyxem.e: The February 3 computer virus

2008
By Syed Akbar
Hyderabad, Jan 31: A dangerous email worm discovered only 10 days ago is all set to create havoc on February 3, eating away stored data in computers and generating email messages on its own in the name of computer users.
The worm, Nyxem.e, is a malicious virus programmed in such a way that it attacks computers via internet on the third of every month. It has already affected thousands of computers worldwide and is all set to repeat it on February 3.
This 75kb virus, though in existence for quite sometime, was discovered on January 20. The February 3 encounter is going to be its first attack after computer experts discovered the nature of the virus and its malicious functioning once it infects a computer. It has a dangerous payload which activates if the computer date is equal to 3 (February 3 for instance).
The infected computer generates email messages on its own and sends them to various persons in the mailing list, often creating confusion and discord among friends. In order to do this, it establishes a direct connection with the recipient’s SMTP server. It also deletes data from infected machines. The virus spreads through internet as an attachment to infected messages. It also infects through files placed on open network resources.
According to MH Nobel, chief executive officer of Zoom Technologies, a security solutions company, the worm regularly checks the system time. "When the system data is the third of the month, 30 minutes after the victim machine is booted, Nyxem will delete information from common file formats, replacing data with a meaningless set of symbols," he observed warning that February 3 could turn out to be a very difficult day for unprotected users if they open email messages on that day.
The virus is programmed to deceive the internet user. The file arrives attached to an email with one of 25 different subjects to mislead the unsuspecting user. The message body and attachment name is also different in 20 ways.
"The worm is activated when the user opens the attachment. Once the worm has been launched, it creates a Windows ZIP archive which will have the same name as the attachment, and then opens it," says G Sirish, network engineer aqt GVK Industries. Sirish described the worm Win32.Nyxem.e as a mass mailing time bomb having the potential to cause a huge amount of data loss on unprotected or semi protected sytems.
In the last 10 days since the virus was discovered, software experts have preferred to call it in half a dozen different names. They are Nyxem.e virus is W32/MyWife.d@MM, Kama Sutra, W32.Blackmal.E@mm, Email-Worm.Win32.Nyxem.e.
The virus collects email addresses from files with extensions like .htm, .dbx, .eml, .msg, .oft, .nws, .vcf, .mbx, .imh, .txt and .msf with catchy subject names which include The Best Videoclip Ever, School girl fantasies gone bad, A Great Video, Fuckin Kama Sutra pics, Arab sex DSC-00465.jpg, give me a kiss, *Hot Movie*, Fw: Funny :), Fwd: Photo, Fwd: image.jpg, Fw: Sexy, Re:, Fw:, Fw: Picturs, Fw: DSC-00465.jpg, Word file, eBook.pdf, the file, Part 1 of 6 Video clipe, You Must View This Videoclip!,
Miss Lebanon 2006, Re: Sex Video and my photos.
"This worm signifies the evolution of simple viruses and worms into the highly sophisticated malacious softwares have the features of viruses and worms rolled into one," warns ethical hacker Mustan D.

No comments:

Post a Comment