Wormy Friday

02-01-2006, 03:23 PM
I'd just like to start a thread for those who know any information about the "friday worm" that is about to occur in a few days. I'm sure I don't know as much as I need to and there may be someone that isn't aware of it!

02-01-2006, 05:25 PM
Most infected machines are believed to be in India, Peru, Italy and Turkey, but it never hurts to be safe.

NEW YORK - If you have computer files you'd rather not lose, now is a good time to make sure your anti-virus software is up to date. A worm set to activate Friday will corrupt documents using the most common file types, including ".doc," ".pdf," and ".zip."

Hundreds of thousands of machines are believed to be infected, mostly in India, Peru, Turkey and Italy, said Mikko Hypponen, chief research officer for Finnish security company F-Secure Corp.

The worm, known as "CME-24," "BlackWorm," "Mywife.E" or a number of other monikers, even tries to disable anti-virus software that is out of date, he said.

Thus, users should make sure their software is turned on and has the latest definitions, generally available for free from the software vendor's Web site. F-Secure also has created a free removal tool.

"If you are infected, and you find out about it today, you still have time to get rid of the virus," Hypponen said.

As worms go, the spread of BlackWorm is relatively low. But worms these days are generally designed to help spammers and hackers carry out attacks, not to destroy files as this one does. So the impact this time may be more severe.

Microsoft Corp. issued an advisory Tuesday (http://www.microsoft.com/technet/security/advisory/904420.mspx) warning customers about the worm, which affects most versions of its Windows operating system.

Users should be safe if they have the latest anti-virus software or if their computers are set with limited privileges, a common setting in larger organizations. They are vulnerable if they, like many small business and home users, leave their computers set with full administrative rights.

And users should check the date on the computer. The worm hits the third of every month, so if the computer's local calendar settings are off, Hypponen said, files may be destroyed sooner or later, even if the computer is never turned on Friday.

02-01-2006, 07:11 PM
Countdown for nasty Windows virus

PC users have been urged to scan their computers before 3 February to avoid falling victim to a destructive virus.
On that date the Nyxem virus is set to delete Word, Powerpoint, Excel and Acrobat files on infected machines.
Nyxem is thought to have caught out many people by promising porn to those who open the attachments on e-mail messages carrying the virus.
Anti-virus companies have stopped lots of copies, suggesting it had infected a large number of computers.
Porn peril
The Nyxem-E Windows virus first emerged on 16 January and has been steadily racking up victims ever since. Nyxem-E is also known as the Blackmal, MyWife, Kama Sutra, Grew and CME-24 virus.
Helpfully, the virus reports every fresh infection back to an associated website which displays the total via a counter. Late last week the counter was reporting millions of infections, but detective work by security firm Lurhq found that many of these reports were bogus.
However, Lurhq reported that more than 300,000 machines are known to have fallen victim to Nyxem-E.

Nyxem subject lines:
Fw: Funny :)
Fw: Picturs
*Hot Movie*
Fw: SeX.mpg
Re: Sex Video
Miss Lebanon 2006
School girl fantasies gone bad

Like many recent viruses, Nyxem tries to spread by making people open attachments on e-mail messages that are infected with the destructive code.
The subject lines and body text of the various messages Nyxem uses vary, but many falsely claim that pornographic videos and pictures are in the attachments.
On infected machines the virus raids address books to find e-mail addresses to send itself to.
The virus also tries to spread by searching for machines on the same local network as any computer it has compromised.
Unlike many recent viruses Nyxem is set to overwrite 11 different types of file on infected machines on the third of every month. The list of files to be over-written includes the most widely used sorts of formats.
DMP - Oracle files
DOC - Word document
MDB - Microsoft Access
MDE - Microsoft Access/Office
PDF - Adobe Acrobat
PPS - PowerPoint slideshow
PPT - PowerPoint
PSD - Photoshop
RAR - Compressed archive
XLS - Excel spreadsheet
ZIP - Compressed file

Separately, the virus also tries to disable anti-virus software to stop it updating and can also disable the mouse and keyboard on infected machines.
Users were being urged to update anti-virus software and to scan their system to ensure they had not been caught out. Many anti-virus firms have also produced tools that help clean up infected systems.
Jason Steer, technical consultant at mail filtering firm Ironport, said Nyxem was a throwback to the types of viruses that used to circulate in the early days of computer networks.
"If you go back 10-15 years ago viruses tended to be quite malicious," he said. "They were going to re-format your hard disk, delete files and so on."
Pete Simpson, threat lab manager at security firm Clearswift, said: "It's a bit puzzling because script kiddies have largely left the scene.
"It shows a certain intelligence in its design but what's the motive?" he asked. "Pure vandalism does not ring true these days."
Both Mr Steer and Mr Simpson feared that home users would be hardest hit by Nyxem on 3 February.
Most businesses, they said, now have regularly updated anti-virus systems in place and disinfect e-mail traffic before it reaches users' desktops. By contrast many home users did not regularly patch Windows, update anti-virus or perform full system scans to ensure their machine stays clean. Users were also encouraged to make regular back-ups of any files they want to preserve.

02-02-2006, 12:39 PM
Wonderful posts! Very good advice and information! These people are like any other criminal: the more the good people take action, discuss and work together, the less power they have!
And I think we all can agree that they need to have less power!