All quiet on the Nyxem front
Published: 03 Feb 2006 13:05 GMT
The Nyxem worm, which was expected to start deleting files on infected computers on Friday morning, appears to have caused little damage.
The virus, also known as the Kama Sutra worm, Blackworm and MyWife, is programmed to overwrite some common types of file on the third day of every month.
Once active, Nyxem overwrites all Word, Excel, PowerPoint, and PDF file types on a compromised PC. The multi-faceted malware also attempts to propagate itself both through email and as a network worm, which can be particularly damaging on closed networks.
Email filtering company MessageLabs reported on Friday morning that it had detected just 102 UK IP addresses that were sending out copies of the worm. Those infected machines probably belong to home users. Globally, the current number of infected PCs is 20,000, according to MessageLabs, far fewer than the 300,000 infected machines detected earlier this week.
MessageLabs said that a coalition of antivirus vendors, ISPs and police forces had alerted users to the potential damage the worm could cause, which encouraged those who felt they might be infected to take action.
"Over the last couple of weeks, an international taskforce has been encouraging businesses and home users to clean their machines so they don't get hit. All the major antivirus vendors — Sophos, Trend, McAfee, Symantec — have been working together with the UK police and the FBI. Service providers from around the world have also been cooperating," said Alex Shipp, senior antivirus technologist for MessageLabs.
India is the country with the highest infection rate, MessageLabs reported, with 4,000 infected machines. The country with the next highest infection rate was the US, with 1,000 compromised PCs. Shipp said that collaborative efforts between ISPs in India and in the US may not have been as effective.
"UK ISPs have been very proactive. Easynet realised the problem and contacted their users. That's an excellent policy. ISPs are going to be the first line of defence for many home users in the future," said Shipp.
Security companies in the Asia-Pacific region reported little evidence that Nyxem was causing major problems.
"No local outbreaks reported and very few reports of infections. Most companies are seeing the virus at the gateway but not in large numbers — typically a few hundred viruses are blocked," said Allan Bell, McAfee's marketing director for the Asia-Pacific region.
Sophos also reported little viral activity, describing the virus as "a bit of a damp squib".
"There's been no death, no Titanic-style disaster," said Graham Cluley, senior technology consultant for Sophos. "So far there's been extremely little activity. We've had no reports of data destroyed from our business customers. That doesn't mean people can afford to be complacent, though."
F-Secure also recommended caution, as the virus starts corrupting files half an hour after a PC is turned on.
"We won't know the full scope of the damage until home users go home from work and turn on their PCs. We won't really hear until next week," said Mikko Hyppönen, director of antivirus research for F-Secure.
"We know there are widespread cases. One multinational company based in America had tens of thousands of PCs infected, and they might not even boot up their systems at all today," Hyppönen told ZDNet UK. Hyppönen refused to give the name of the company.
Munir Kotadia reported from Sydney for ZDNet Australia.






