The Blackworm, Nyxem, KamaSutra Worm…
Lots of news following up on the Nyxem worm in the last few days. It’s currently going under a number of names; the Kama Sutra Worm and Blackworm are some of the more common ones. SANS has a page with information on the worm here. Microsoft has detailed manual removal instructions. The counter that logs the worm’s infections is close to 2 million. That last number should be taken with a grain of salt, as the counter tracks all visits to the page, including those of curious security researchers. Why all the big fuss?
The big fuss is that on February 3rd this worm will wreak havoc on the document files of any machine that’s infected. The files are essentially overwritten with a line of garbage, which makes recovery of them extremely difficult if not impossible. Deleting a file is one thing: you just tell the operating system that it’s OK to reuse the space the file occupies, and the old bytes stay on disk until something else is written there. Writing OVER the file puts you at a much bigger disadvantage for data recovery. So it’s important to get the word out to anyone who might not have current, working antivirus to make sure they get at least an online check.
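To make the deletion-versus-overwrite distinction concrete, here is a small added illustration (not code from the original post, and not the worm’s behaviour) using a toy block device: after a delete, a forensic carve of the raw blocks still finds the document because only the name-to-block mapping was dropped; after an in-place overwrite with a line of junk, the original bytes are gone and carving finds nothing. The ToyDisk class, the DOCHDR marker and the sample document are constructed for this example.

```python
from typing import Dict, List, Optional

BLOCK_SIZE = 16  # tiny blocks so the whole "disk" is easy to inspect


class ToyDisk:
    """Minimal file system: a flat bytearray of blocks plus a name -> blocks map.

    Constructed for illustration; it mimics only the two properties that
    matter here: deletion unlinks, overwriting clobbers the same sectors.
    """

    def __init__(self, blocks: int) -> None:
        self.raw = bytearray(blocks * BLOCK_SIZE)
        self.free: List[int] = list(range(blocks))
        self.files: Dict[str, List[int]] = {}

    def write(self, name: str, data: bytes) -> None:
        # Allocate enough blocks for the data and copy it in, zero-padding
        # the last block.
        needed = -(-len(data) // BLOCK_SIZE)  # ceiling division
        blocks = [self.free.pop(0) for _ in range(needed)]
        for i, b in enumerate(blocks):
            chunk = data[i * BLOCK_SIZE:(i + 1) * BLOCK_SIZE]
            start = b * BLOCK_SIZE
            self.raw[start:start + BLOCK_SIZE] = chunk.ljust(BLOCK_SIZE, b"\0")
        self.files[name] = blocks

    def delete(self, name: str) -> None:
        # Deletion only forgets the mapping and marks the blocks reusable;
        # the bytes stay on disk until some later write lands on them.
        self.free.extend(self.files.pop(name))

    def overwrite(self, name: str, junk: bytes) -> None:
        # Destructive payload modelled here: every sector the file occupies
        # is replaced in place with the junk line, so no original byte survives.
        for b in self.files[name]:
            start = b * BLOCK_SIZE
            self.raw[start:start + BLOCK_SIZE] = junk[:BLOCK_SIZE].ljust(BLOCK_SIZE, b"\0")


def carve(disk: ToyDisk, marker: bytes) -> Optional[bytes]:
    """Forensic carving: ignore the file table and scan raw blocks for a known
    file header, returning the bytes up to the first zero pad."""
    idx = disk.raw.find(marker)
    if idx == -1:
        return None
    end = disk.raw.find(b"\0", idx)
    return bytes(disk.raw[idx:end if end != -1 else len(disk.raw)])


def demo() -> Dict[str, bool]:
    """Return whether carving recovers the document after delete vs overwrite."""
    doc = b"DOCHDR quarterly report figures"  # constructed sample document

    disk = ToyDisk(blocks=8)
    disk.write("report.doc", doc)
    disk.delete("report.doc")
    recovered_after_delete = carve(disk, b"DOCHDR") == doc

    disk2 = ToyDisk(blocks=8)
    disk2.write("report.doc", doc)
    disk2.overwrite("report.doc", b"garbage line")  # constructed junk
    recovered_after_overwrite = carve(disk2, b"DOCHDR") == doc

    return {"deleted": recovered_after_delete, "overwritten": recovered_after_overwrite}


if __name__ == "__main__":
    print(demo())  # {'deleted': True, 'overwritten': False}
```

Real file systems and carving tools are far more involved, but the outcome is the same: a deleted document is a matter of finding blocks nobody has reused yet, while an overwritten one leaves nothing for the carver to find, which is why a current backup plus an up-to-date antivirus check before the trigger date matters more than any recovery tool afterwards.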
For those with the misfortune of trying to keep track of virus names, here is a list of the different labels that are being tossed around for this one.
AntiVir: Worm/KillAV.GR
Avast!: Win32:VB-CD [Wrm]
AVG: Worm/Generic.FX
BitDefender: Win32.Worm.P2P.ABM
ClamAV: Worm.VB-8
Command: W32/Kapser.A@mm (exact)
Dr Web: Win32.HLLM.Generic.391
eSafe: Win32.VB.bi
eTrust-INO: Win32/Blackmal.F!Worm
eTrust-VET: Win32/Blackmal.F
Ewido: Worm.VB.bi
F-Prot: W32/Kapser.A@mm (exact)
F-Secure: Email-Worm.Win32.Nyxem.e
Fortinet: W32/Grew.A!wm
Ikarus: Email-Worm.Win32.VB.BI
Kaspersky: Email-Worm.Win32.Nyxem.e
McAfee: W32/MyWife.d@MM
Nod32: Win32/VB.NEI worm
Norman: W32/Small.KI
Panda: W32/Tearec.A.worm
QuickHeal: I-Worm.Nyxem.e
Sophos: W32/Nyxem-D
Symantec: W32.Blackmal.E@mm
Trend Micro: WORM_GREW.A
VBA32: Email-Worm.Win32.VB.bi
VirusBuster: Worm.P2P.VB.CIL
It has also been given a Common Malware Enumeration “name”, CME-24; more details on that are available at http://cme.mitre.org/