XG Fox Posted February 1, 2006 Share Posted February 1, 2006 E-mail worm bent only on destruction By Byron Acohido and Jon Swartz, USA TODAY SEATTLE A fast-spreading e-mail worm is raising alarms because its sole purpose is to obliterate the everyday working documents widely used by consumers, students and businesses. The Kama Sutra worm also referred to as Nyxem.E and Grew.A is unnerving because, unlike other e-mail worms, it appears to be detached from any profit motive. It is designed to destroy all Microsoft Word, Excel, Access and PowerPoint documents and Adobe Acrobat and Photoshop files on all hard drives connected to an infected PC. "The amazing part is that there appears to be a lack of any motive behind this except destruction," says David Mayer, researcher at e-mail security firm IronPort Systems. The worm appears in e-mail in-boxes with subject lines such as "hot movie," "A Great Video" or "Crazy illegal Sex!" enticing the recipient to click on an attachment. One variation makes reference to the ancient Sanskrit book on sexual positions. By clicking on the attachment, the victim launches a program that disables anti-virus protection. The infected PC then begins to send copies of similarly tainted e-mail to every e-mail address on the victim's hard drive. But while most e-mail worms also plant a back door to give an intruder control of the PC, or a program to steal log-ons and passwords, this worm's sole purpose is destruction. It implants a program to erase common work files on the third day of the month, hitting even external data-storage devices connected to the infected PC. IDefense, a VeriSign company, confirmed the deletion program works. More than 500,000 PCs are believed to have been infected since it first appeared on Jan. 16. That's a modest infection rate, but victims face grim consequences. On Friday Feb. 3 any infected machines will lose all Microsoft documents and Adobe files. Because big corporations have tighter e-mail defenses, small businesses and consumers are being harder hit, security experts say. But big companies aren't immune. The worm is designed to inject file-deletion instructions onto corporate servers. It does so via systems that share data with employees logging on to corporate systems from remote locations. "The worm can spread quite well once it finds its way beyond corporate firewalls," says Mikko Hypponen, chief research officer at F-Secure. Victims can tell they've been infected if they clicked on an e-mail attachment and had their keyboard and mouse freeze up, forcing them to reboot, says Ken Dunham at iDefense. Disinfection requires reinstalling an anti-virus program updated to protect against this worm, then scanning to make sure it has been purged. Security experts say the worm's author appears to be a throwback to when viruses were written for bragging rights or to make a statement. "It's about proving the virus community can't be stopped by anti-virus companies," says John Pironti, banking security consultant at Unisys. Swartz reported from San Francisco. Source: http://www.usatoday.com/tech/news/computersecurity/2006-01-30-email-virus_x.htm If you have ANY doubts about if you have received this virus or not, BACK EVERYTHING UP NOW. YOU HAVE UNTIL FEBRUARY 3RD TO GET AT LEAST THESE TYPES OF DOCUMENTS BACKED UP, OR ELSE THEY MAY BE DESTROYED IF YOU HAVE RECEIVED THE VIRUS. Link to comment Share on other sites More sharing options...
Zack Posted February 1, 2006 Share Posted February 1, 2006 Also the simple thing to do is to not open ANY E-Mail attachment from anyone you dont know, and also on AIM or MSN or any of the likes it could start out as the following "Hey look at this (link)" (Insert reply here) "Dont worry it wont hurt (link)" and the person it is coming from wouldnt know a thing about it... This is more common PC saftey knowledge than it is a defense for this one worm, there are multiple worms like it altough this one is unique in the way its not an information stealer, its just a malicious virus... Just use caution people dont open an E-Mail from someone you dont know no matter what the title is, cause they're viruses like this one that can disable your anti-virus no matter how well you think it works... There are no exclusions to this nothing along the likes of "I got a router with seperat firewalls and backup firewalls and multiple antivirus programs thats untouchable" Truth is its not... Granted very rarely will something ever occur that is overly harmful to your PC but you still should take all the necessary steps to try and prevent a PC crash... Link to comment Share on other sites More sharing options...
Ludvig11 Posted February 1, 2006 Share Posted February 1, 2006 yep. better take it one the safest side.. I never trust anything that looks suspicious 700,000 people has allready been infected in just only 24 hours!! how can people waste alot of thier time and knowleage on making this.. things... Link to comment Share on other sites More sharing options...
ArwingMaster Posted February 1, 2006 Share Posted February 1, 2006 theres some weird people out they're, we just have to be careful. Link to comment Share on other sites More sharing options...
Gamecuber459 Posted February 1, 2006 Share Posted February 1, 2006 OMG!!!! This is...messed up!! Link to comment Share on other sites More sharing options...
EvolutionSFox Posted February 1, 2006 Share Posted February 1, 2006 Oh god, this is crazy! I have to definitely watch everything that comes by my mail now... Link to comment Share on other sites More sharing options...
Guest Grimloq Posted February 2, 2006 Share Posted February 2, 2006 Ouchies... *Is glad he has every address except those in his address book blacklisted* ... *Is also glad he has few Word, Powerpoint and Photoshop files, all of which are really obsolete anyway* You know, it's the kind of people who make these who give REAL hackers a bad name... These guys get all the attention, the ones who are hackers for a living doing perfectly fine things get overlooked and then hated for stuff they didn't do. Link to comment Share on other sites More sharing options...
Zack Posted February 2, 2006 Share Posted February 2, 2006 Ouchies... *Is glad he has every address except those in his address book blacklisted* ... *Is also glad he has few Word, Powerpoint and Photoshop files, all of which are really obsolete anyway* You know, it's the kind of people who make these who give REAL hackers a bad name... These guys get all the attention, the ones who are hackers for a living doing perfectly fine things get overlooked and then hated for stuff they didn't do. I know I so agree with this, I would never dream of making these things nor would I ever do anything wrong... Not all hackers are like ZOMFG NEWBIE PC I MUST KILL IT!!! Hackers that trash peoples PCs and make these things have made a bad name for the rest of us... Link to comment Share on other sites More sharing options...
Guest Grimloq Posted February 3, 2006 Share Posted February 3, 2006 Well, the only hacker experience I have is Uplink. Though that is a REALLY fun game, more so since I fixed the sound bug. Link to comment Share on other sites More sharing options...
Recommended Posts