Old 2nd February 2006, 13:13   #1
Senior - BHPian
 
speedsatya's Avatar
 
Join Date: May 2004
Location: bangalore/manga
Posts: 3,162
Thanked: 706 Times
Default Virus Attack on 3rd Feb 2006!!

Hi Folks,



Windows users are being urged to make sure their systems are clean from an email worm which is programmed to overwrite users' files on 3 February. Blackworm (AKA Nyxem, MyWife or Tearec) has infected more than 300,000 systems worldwide, based on analysis of logs from counter web sites used by the worm.



A worm claiming to offer pictures from the Kama Sutra has begun circulating by email in the latest attempt by virus writers to infect Windows machines by relying on a combination of user stupidity and supposedly salacious content.



The Nyxem-D worm (AKA Blackmal-E) arrives as the infectious payload of email messages with spoofed sender addresses claiming to offer obscene pictures or pornographic movie clips. Subject lines used in the malicious emails include: pics. The worm only affects Windows PCs.





If Activated ...



If activated, Nyxem-D tries to disable security software. It also tries to harvest email addresses from infected PCs in a routine designed to draw up a hit list of targets for infection. Nyxem-D is programmed to download updates of its code onto infected PCs.



Its behaviour is little different from standard email worms apart from the fact it is programmed to overwrite DOC, XLS, MDB, MDE, PPT, PPS, ZIP, RAR, PDF, PSD and DMP on 3 February. The worm creates and opens a ZIP archive in the Windows system directory, potentially giving away its presence on infected systems but don't rely on this. Blackworm is programmed to download updates of its code onto infected PCs.





PRECAUTION

Standard defensive precautions against viral attacks apply in defending against Nyxem-D. Users are urged to patch systems up to date and update anti-virus signature definition files. Resisting the temptation to open unsolicited email attachments is also a good idea, of course.
speedsatya is offline   Reply With Quote
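The post above lists the file types the worm overwrites on 3 February. As an added example (not part of the original post), the following sketch inventories files of those types under a directory so they can be backed up ahead of that date; the function names and the sample directory contents are assumptions made for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Extensions the post lists as overwritten by the worm's payload.
AT_RISK = {"doc", "xls", "mdb", "mde", "ppt", "pps",
           "zip", "rar", "pdf", "psd", "dmp"}


def inventory_at_risk(root):
    """Walk root and return ({ext: [count, bytes]}, sorted paths) for at-risk files."""
    totals = defaultdict(lambda: [0, 0])
    paths = []
    # onerror swallows unreadable directories instead of aborting the walk.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            # Windows file names are case-insensitive, so compare in lower case.
            ext = os.path.splitext(name)[1].lstrip(".").lower()
            if ext not in AT_RISK:
                continue
            full = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(full)
            except OSError:
                continue  # file vanished or is unreadable; skip it
            totals[ext][0] += 1
            totals[ext][1] += size
            paths.append(full)
    return dict(totals), sorted(paths)


def demo():
    """Build a constructed sample tree and inventory it (sample data, not real files)."""
    samples = {"budget.XLS": 10, "reports/q4.doc": 20,
               "reports/q4.pdf": 30, "notes.txt": 5, "photo.jpg": 7}
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "reports"))
        for rel, size in samples.items():
            with open(os.path.join(root, *rel.split("/")), "wb") as fh:
                fh.write(b"x" * size)
        totals, paths = inventory_at_risk(root)
        rel_paths = [os.path.relpath(p, root).replace(os.sep, "/") for p in paths]
        return totals, rel_paths


if __name__ == "__main__":
    totals, rel_paths = demo()
    for ext, (count, size) in sorted(totals.items()):
        print(f"{ext}: {count} file(s), {size} bytes")
    print("\n".join(rel_paths))
```

The returned path list can be fed to whatever backup tool is in use; copies should go to media that is not attached to the machine on 3 February.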
Old 2nd February 2006, 13:51   #2
Team-BHP Support
 
tsk1979's Avatar
 
Join Date: Feb 2005
Location: New Delhi
Posts: 22,852
Thanked: 15,407 Times
Default

I don't use Windows except for the Stan Chart website.
So guess I am safe!
tsk1979 is offline   Reply With Quote
Old 2nd February 2006, 14:33   #3
Senior - BHPian
 
Join Date: Oct 2004
Location: Bangalore
Posts: 1,429
Thanked: 30 Times
Default

I have never used windows since ages. Take care guys. Windows and internet means problems galore....
deepakhon is offline   Reply With Quote
Old 2nd February 2006, 14:41   #4
BHPian
 
sbasak's Avatar
 
Join Date: Nov 2005
Location: CCU-LTN
Posts: 607
Thanked: 7 Times
Default

Another reason why people should use Linux!
If you're not already - try Ubuntu, Knoppix or Puppy Linux. All of them are FREE and can be run from CD, and Puppy is lightning fast as it loads the entire OS into RAM.

However, if you use a Winmodem (not a hardware modem as in most laptops) Linux support still sucks!
sbasak is offline   Reply With Quote
Old 2nd February 2006, 14:43   #5
Senior - BHPian
 
revtech's Avatar
 
Join Date: Nov 2004
Location: Bombay
Posts: 1,987
Thanked: 35 Times
Default

Hey speedsatya,
thanks for the info. Will be careful.


Rev
revtech is offline   Reply With Quote
Old 2nd February 2006, 16:03   #6
BHPian
 
hianooo's Avatar
 
Join Date: Jun 2004
Location: Kochi, nw in Bangalore...
Posts: 63
Thanked: 0 Times
Default "subject lines and filenames" with reference to the blackworm virus.

Beware of these file names and subject lines!!!

Subject lines:
CME-24
*HOT MOVIE*
F*** in Kama sutra pics
FW: Sex.mpg
Fwd: crazy illegal sex!
give me a kiss
Miss Lebanon 2006
Schol girl fantasies gone bad
The best video clip ever
hianooo is offline   Reply With Quote
Old 2nd February 2006, 16:09   #7
BHPian
 
hianooo's Avatar
 
Join Date: Jun 2004
Location: Kochi, nw in Bangalore...
Posts: 63
Thanked: 0 Times
Default

File names:

Email-Worm.win32.Nyxem.e
W32/MyWife.d@MM
cme-24
w32/Kasper.A@mm
worm/KillAV.GR
win32/Blackmail.f
w32/Grew.A!wm
nyxem.E
Worm/Generic.FX
W32/small.Kl
W32/trace.a.worm
w32/nyxem-D
WORM_GREW.A
w32.BlackMail.E@mm
hianooo is offline   Reply With Quote
Old 2nd February 2006, 16:26   #8
SLK
Senior - BHPian
 
SLK's Avatar
 
Join Date: Feb 2004
Location: DL XX XX XXXX
Posts: 1,288
Thanked: 184 Times
Default

get the removal tool here.... http://www.quickheal.co.in/public/news/newsvbi.asp

Oops, I didn't even get a single copy of the virus!... guess I'm going out of business!
Has anyone come across this thing actually?
SLK is offline   Reply With Quote
Old 2nd February 2006, 16:34   #9
SLK
Senior - BHPian
 
SLK's Avatar
 
Join Date: Feb 2004
Location: DL XX XX XXXX
Posts: 1,288
Thanked: 184 Times
Default

Quote:
Originally Posted by sbasak
Another reason why people should use Linux!
The day majority of the world shifts to Linux... u'll have these viruses for Linux....
If I'm not wrong.. this virus is not one based on windows vulnerabilities... just a damaging computer program.... and the author wanted it to run on windows.... b'coz then it would be more in the news!!
SLK is offline   Reply With Quote
Old 2nd February 2006, 17:07   #10
Team-BHP Support
 
Zappo's Avatar
 
Join Date: Oct 2005
Location: Hyderabad
Posts: 5,631
Thanked: 1,976 Times
Default

Quote:
Originally Posted by SLK
The day majority of the world shifts to Linux... u'll have these viruses for Linux....
If I'm not wrong.. this virus is not one based on windows vulnerabilities... just a damaging computer program.... and the author wanted it to run on windows.... b'coz then it would be more in the news!!
Bingo! You said it. It could not have been put in a more lucid way.
Zappo is offline   Reply With Quote
Old 2nd February 2006, 17:16   #11
BHPian
 
ghostrider4385's Avatar
 
Join Date: Dec 2005
Location: Hyderabad
Posts: 389
Thanked: 7 Times
Default

Haha... most of our office comps are infected with the blackmail virus (my system was one of the few saved!). Doesn't that mean someone in my office was trying to view porn during office hours?! ... talk about heights of desperation!
Does this virus load when you open the mail by clicking on the subject/senders name in the main page of the inbox, or does it when you download a file sent as an attachment?

Godspeed.

Alok.
ghostrider4385 is offline   Reply With Quote
Old 2nd February 2006, 17:18   #12
Senior - BHPian
 
speedsatya's Avatar
 
Join Date: May 2004
Location: bangalore/manga
Posts: 3,162
Thanked: 706 Times
Default

Nothing's gonna happen unless you open attachments... so no watching adult stuff for some time.
speedsatya is offline   Reply With Quote
Old 2nd February 2006, 18:11   #13
Senior - BHPian
 
adya33's Avatar
 
Join Date: Apr 2005
Location: Pune
Posts: 1,839
Thanked: 91 Times
Default

Before this topic turns into a Windows vs Linux topic:
In the following link you can find more information about the virus:
http://www.f-secure.com/v-descs/nyxem_e.shtml

I was unable to run the removal tool from the above link, so I am using the Quick Heal solution.
You can also get another one from here ( http://www.bitdefender.com/VIRUS-100...yxem.E@mm.html )
It is better to scan with two different virus removal tools.

Last edited by adya33 : 2nd February 2006 at 18:13.
adya33 is offline   Reply With Quote
Old 2nd February 2006, 19:00   #14
SLK
Senior - BHPian
 
SLK's Avatar
 
Join Date: Feb 2004
Location: DL XX XX XXXX
Posts: 1,288
Thanked: 184 Times
Default

my father, could not update his office comp today.... so .. tomorrow he won't switch it on
SLK is offline   Reply With Quote
Old 2nd February 2006, 19:44   #15
BHPian
 
falcon's Avatar
 
Join Date: Jun 2005
Location: Mumbai / Goa / UK
Posts: 88
Thanked: 2 Times
Default

Quote:
Originally Posted by SLK
Oops, I didn't even get a single copy of the virus!... guess I'm going out of business!
has anyone come across this thing actually?
I've got a couple of mails with it from ppl I know (who have me in their address books!!!)
U want some ? ;-)
falcon is offline   Reply With Quote
All times are GMT +5.5.

Copyright 2000 - 2017, Team-BHP.com