The Antivirus Guy Blog

Keeping people up to date with antivirus and security information

F-Secure : News from the Lab – First reports of Nyxem damage

Tuesday, January 31, 2006

First reports of Nyxem damage Posted by Mikko @ 16:24 GMT

The destructive deadline of the Nyxem.E worm is based on the clock of the infected machine. So if you’re infected and your clock is not set right, things could start to happen at any time – even though the official activation time is the 3rd of the month. We’ve already received first reports from users who’ve had files on their system overwritten by the worm.

nyxem_killed

When Nyxem activates, it will overwrite all of your DOC/XLS/PPT/ZIP/RAR/PDF/MDB files. This is nasty, as this is done on all mounted drives, ie. any drive that has a drive letter. So it might affect your USB thumb drives, external hard drives and network drives! Also, if you’re taking daily automatic backups you might end up backing up the corrupted files over good files.

The number of machines that have been hit by this worm is over 300,000. Many of those have been disinfected already, though. But thousands of computers will get their files overwritten on February 3rd – most of them in India, Turkey and Peru.

This worm family has been around since March 2004. The worm is named “Nyxem” because the original Nyxem.A variant launched a DDoS attack against the New York Mercantile Exchange website (www.nymex.com). We don’t know why.

We have a free tool available to help disinfect machines before the deadline passes.

F-Secure : News from the Lab – January of 2006.

About these ads

February 2, 2006 - Posted by | Antivirus News

1 Comment »

  1. [...] antes de la fecha límite pasa. F-Secure: Noticias desde el laboratorio – enero de 2006. version original aqui [...]

    Pingback by F-Secure: Dañan los primeros informes de Nyxem noticias del laboratorio: | ANTIVIRUS | February 20, 2012 | Reply


Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: