virus warning out there: fyi

melodious Posts: 1,719
edited February 2006 in Technical Stuff and Help

An Internet worm that's been circulating for a couple of weeks is set to destroy files on infected personal computers this Friday, Feb 3. Security company Symantec has dubbed it "W32.Blackmal.E@mm," but other security companies have given it different names including "Nyxem," "blackworm," "Grew.A," "My Wife" and "Kama Sutra." Whatever it's called, it has already infected 300,000 systems, according to the SANS Institute, but by PC worm standards, it's still considered a relatively low threat.

The worm is spread by e-mail. It tries to harvest e-mail addresses from infected machines so it may appear to come from someone you know. Unlike many past worms, it is not limited to Microsoft Outlook or Outlook Express - all Windows users are vulnerable but it affects only Windows - not Macintosh, Linux or other operating systems.

It watches your PC's clock and is set to delete files from infected machines on Feb. 3.


Unlike many of the threats we've heard about lately, there doesn't appear to be any financial motivation. TrendMicro spokesperson David Perry calls it "an old fashioned destructive virus. It doesn't have any profit motive." Symantec's Vincent Weafer says it reminds him of the "earlier days of cyber vandalism versus crime."

It's not spyware, it doesn't send out spam, but it can delete document files such as those created by Word, Excel and other applications as well as MP3 music files. The worm will also try to disable your anti-virus software and, once your machine is infected, it harvests e-mail addresses from your PC and tries to infect people you know.

The worm is attached to an e-mail that can have a variety of subject lines or messages. Subject lines could include "Hot Movie," "Arab sex," "give me a kiss" or "Fwd: Crazy illegal Sex!" but others are also possible.

The good news is that major anti-virus software can detect and remove the worm but only if the software is up-to-date. If you haven't already done so, use your software's update feature to make sure you have the latest anti-virus "signatures."

Because infections, so far, have been measured in the hundreds of thousands rather than millions, Weafer calls it a "low to medium risk."

He says people with out-dated anti-virus definitions (or no anti-virus software) are at a higher risk. In addition to spreading through e-mail, Weafer says that it can also propagate via a local area network. Symantec has a Web page with a technical description of the worm.

In addition to running anti-virus software, it's also a very good idea to have a backup of your data files. Be sure, however, that your files are backed up to a drive that's not connected to your PC, such as a removable hard drive (that's unplugged), a CD or a DVD.

As always be very careful before clicking on attached files, even if they are from someone you know. If someone does send you a file, contact them to make sure it was deliberate.

If you don't have up-to-date anti-virus software, you can use one of the free virus scanning services such as TrendMicro's Housecall.

Anti-virus companies are being uncharacteristically careful not to exaggerate the risk. "I hesitate to go out on a limb on a virus like this," said TrendMicro's David Perry. "I don't know if there will be damage on Friday."

If Friday does come and go without substantial damage, we'll never know for sure whether it's because the worm had no bite or because we were all prepared. Either way, that would be good news.
all insanity:
a derivative of nature.
nature is god
god is love
love is light

Comments

  • aNiMaL Posts: 7,117
    Yeah, good call....

    I work for a global company's IT department and here is what we are doing:

    LAPTOP AND VPN USERS: NEW VIRUS ALERT

    A new virus (known as Blackworm, Blackmal, Nyxem, MyWife, or Tearec), different and more serious than other viruses because it will overwrite a user's files, including files on shared drives (i.e. network drives, like the M drive, Q drive, etc.) is said to go into effect Feb. 3, 2006.

    XXXX XXXXX's network security team will temporarily block VPN users’ access to network drives starting Thursday afternoon, before the clocks roll over to Feb. 3 in the UK. The network security team will closely monitor the situation and re-activate VPN access in approximately 24 hours, once they determine that no infected machines are attempting to attack our network resources.

    In the meantime, all home and laptop users should back up their document files tonight, verify that their antivirus software is up-to-date (updated Jan. 23 or later), and then run a full scan immediately.

    If you have any questions, please call the IT Help Desk at extension xxxx.


    This is good info for anyone wondering about what to do.