Latest email virus will delete data files every 3rd day of the month.

If you have a penchant for porn and don’t have an up-to-date virus scanner on your system then you could be headed for trouble come February 3rd:

The worm, named Nyxem.E, was discovered on January 20. It spreads by convincing users to open an executable attachment in their e-mail, tempting them with subject lines such as “Arab sex DSC-00465.jpg,” “Miss Lebanon 2006,” or “School girl fantasies gone bad.” The executable, when run, checks to see if there are any common anti-virus programs running, and if so disables them. It inserts itself into the Windows registry in the standard places such as Software\Microsoft\Windows\CurrentVersion\Run so that it will run on startup, then scans the users’ hard drive for any e-mail addresses it can find to send itself off to the next victim. It also attempts to spread via network shares.

The payload, which is set to execute on the third day of every month and so will first deploy on February 3, does not render the user’s computer inoperative, but instead destroys that user’s data. All Word, Excel, Access, Powerpoint, Acrobat, Photoshop, and some other files including zipped archives are deleted and replaced with the text string “DATA Error [47 0F 94 93 F4 K5].” This could result in some embarrassingly short business presentations scheduled for the beginning of next month.

What’s really interesting about this worm is that it’s written in Visual Basic and uses some pretty well established methods of reproducing itself that all manner of safeguards have been developed for ages ago, yet it’s still one of the fastest spreading threats in the wild at the moment accounting for some 35% of all malware traffic as of this morning. Outlook and Outlook express won’t let you run this attachment if it arrives via email and quite a few ISPs and commercial companies strip executables as they hit the mail server, but that hasn’t stopped it from spreading. Simple social engineering (Look! Free porn!) manages to overcome technological safeguards with ease. You naughty, naughty users!

4 thoughts on “Latest email virus will delete data files every 3rd day of the month.

  1. Actually I sleep with a dental guard, because I kept fracturing teeth.  But regarding Windows, it does seem like crappy design for an email attachment to be able to screw with the system like that.

  2. I think the philosophy in Windows is to to let everything do anything so users are less likely to call tech support. 

    Like the salespeople in the big box electronics who tell customers they can setup their wifi straight out of the box in minutes, neglecting to mention that the only way to do it that fast is to leave it open and unsecured.

    I hate windows default of hiding file extensions.  I’ve seen too many .vbs viruses get through like that.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.