Microsoft joins 'Blackworm' D-Day warning chorus

Microsoft's anti-malware engineering team has joined the chorus of calls for computer users to be on high alert for an email worm that uses social engineering tactics to deliver a destructive payload. The company issued an official security advisory to back up a warning from its anti-malware researchers that the worm—known as Kama Sutra, Blackworm, MyWife.E, Nyxem.E—is programmed to "permanently corrupt a number of common document format files on the third day of every month. With a D-Day of February 3, 2006 fast approaching, Microsoft is beating the drum for PC users to update anti-virus signatures and be on high alert for suspicious email attachments. Volunteer security researches have already notified ISPs about possible customer infections and the LURHQ Threat Intelligence Group has released Snort signatures to help enterprises detect infected users in a net-space. Finnish anti-virus vendor F-Secure has released a free disinfection tool to help clean compromised computers before the Feb. 3 deadline. F-Secure chief incident officer Mikko Hypponen said the first reports of destruction has already started to filter in. "The destructive deadline of the Nyxem.E worm is based on the clock of the infected machine. So if you're infected and your clock is not set right, things could start to happen at any time—even though the official activation time is the 3rd of the month," Hypponen explained in a blog entry. "We've already received first reports from users who've had files on their system overwritten by the worm." When the worm activates, it destroys all Microsoft Word, Microsoft Excel, PowerPoint, PDF, ZIP and PSD files on all available drives. "This is nasty," Hypponen said, noting that the payload may also affect a USB thumb drive, external hard drives and network drives. "If you're taking daily automatic backups you might end up backing up the corrupted files over good files," he warned. The number of machines already infected is believed to be in the range of 300,000, mostly in India, Turkey and Peru. But, with ISPs already notified, most of those machines may already have been cleaned. In Microsoft's advisory, the company said the malware sends itself to all the contacts that are contained in an infected system's address book. It is also programmed to spread over writeable network shares on systems that have blank administrator passwords. The company also issued the following guidance for Windows users: Use up-to-date antivirus software: Most anti-virus software can detect and prevent infection by known malicious software. Always run anti-virus software that is automatically updated with the latest signature files to help protect from infection. Use caution with unknown attachments: Use caution before opening unknown email attachments, even if the sender is known. If you cannot confirm with the sender that a message is valid and that an attachment is safe, delete the message immediately. Then, run up-to-date anti-virus software to check your computer for viruses. Use strong passwords: Strong passwords on all privileged user accounts, including the Administrator account, will help block this malware's attempt to spread through network shares. UKFast is not responsible for the content of external Internet sites.

print this article

Return to internet news headlines
View Internet News Archive

Share with: