Slashdot Mirror


Clock Ticking for Nyxem Virus

DoddyUK writes "The BBC is reporting that the countdown has begun for the Nyxem virus. On February 3rd, common documents such as MS Word, Excel or Powerpoint will be overwritten on infected machines. Over 300,000 machines have been infected thus far, the main method of infection being the promise of porn in unsolicited emails."

72 comments

  1. May I be the first to say: by Anonymous Coward · · Score: 1, Funny

    Ouch.

  2. Who out there still doesn't get it? by TripMaster+Monkey · · Score: 2, Insightful

    From TFA:
    Nyxem is thought to have caught out many people by promising porn to those who open the attachments on e-mail messages carrying the virus.
    Honestly, are there still computer users out there...even regular users...who don't know this is a bad idea by now???
    --
    ____

    ~ |rip/\/\aster /\/\onkey

    1. Re:Who out there still doesn't get it? by Anonymous Coward · · Score: 2, Funny

      Yes. Hopefully this will stop them from continuing to be idiots.

    2. Re:Who out there still doesn't get it? by Fred+Or+Alive · · Score: 4, Insightful

      As 's elections show, there's an unlimited supply of stupid people in the world.

      --
      10 PRINT "LOOK AROUND YOU ";
      20 GOTO 10
    3. Re:Who out there still doesn't get it? by Fred+Or+Alive · · Score: 1

      It did in fact have , rather than any particular country, but "Plain Old Text" was a little too unplain, and it got interpreted as a HTML tag.

      I was trying to get a joke that could be read as more of a jibe over politics as a whole rather than any particular entity.

      --
      10 PRINT "LOOK AROUND YOU ";
      20 GOTO 10
    4. Re:Who out there still doesn't get it? by Elitist_Phoenix · · Score: 1, Redundant

      It's so unfair. I always run the attachments and I never get any viruses. God Damn it, linux just isn't ready for the desktop market.

      --
      "I'm going to f***ing bury that guy, I have done it before, and I will do it again. I'm going to f***ing kill Google"
    5. Re:Who out there still doesn't get it? by Professor_UNIX · · Score: 0, Offtopic
      As 's elections show, there's an unlimited supply of stupid people in the world.

      No kidding, what's with the nutbags voting for Hamas by the way? I hope Israel stomps them into the ground for voting for a terrorist group to run their government.

    6. Re:Who out there still doesn't get it? by arivanov · · Score: 0, Troll

      There are plenty and this virus has even compiled a detailed list of them as it reports every single infection back to a master site.

      What is really annoying is that LURHQ are keeping the infection list secret. It would have made a wonderful blacklist for an antispam system.

      --
      Baker's Law: Misery no longer loves company. Nowadays it insists on it
      http://www.sigsegv.cx/
    7. Re:Who out there still doesn't get it? by sepelester · · Score: 2, Insightful

      "Hey, I'm at work. I don't care. The IT guy will take care of it if it's a virus" is still a common way of dealing with the problem.

    8. Re:Who out there still doesn't get it? by Zocalo · · Score: 1
      What is really annoying is that LURHQ are keeping the infection list secret

      Are you sure? ISC has been sending out notifications about "Blackworm" (Nyxem) infected PCs for a few days, so the list is definitely available to the security community. It would be fairly logical that Spamhaus' XBL list and other similar DNSBLs of compromised PCs would be able to acquire a copy of the list as well, although they might be better with a sanitised version with hosts known to have been cleansed as a result of the ISC mailings being removed.

      --
      UNIX? They're not even circumcised! Savages!
    9. Re:Who out there still doesn't get it? by sqlrob · · Score: 5, Insightful

      Wow what an optimist.

      Melissa didn't do it.
      Love didn't do it
      MyDoom didn't do it.

      Why do you think this will?

    10. Re:Who out there still doesn't get it? by Sen.NullProcPntr · · Score: 1
      Yes. Hopefully this will stop them from continuing to be idiots.

      300k is a lot of people but what percentage of total users is that?

      Never mind... It's actually a percentage of users who;
      1) have an ISP that doesn't block obviously infected attachments.
      2) don't have anti virus software running on their machines.

      That's more idiots than I had hoped.

    11. Re:Who out there still doesn't get it? by jalet · · Score: 0, Offtopic

      Except that the election was recognized as being a democratic one, so you've got absolutely nothing to say if the results don't please you, and that "on average" the whole Hamas is probably less harmful to the world than GW Bush alone, and caused less deaths.

      --
      Vote green: crap in the ballot box!
    12. Re:Who out there still doesn't get it? by Alex+P+Keaton+in+da · · Score: 1

      Not to be an ass, but of course there are still users who will open attachments. Do you watch the news? There are still kids who drive 100 mph over RR tracks, and die. There are still people who will open legs, at the promise of pleasure, and catch AIDS. There are still people who don't change the oil in their cars. and on and on and on... Your post basically pointed out that people do stupid things, and you act surprised by that fact....

      --
      And All I Ask is a Tall Ship And a Star to Steer Her By
    13. Re:Who out there still doesn't get it? by Anonymous Coward · · Score: 0
      whole Hamas is probably less harmful to the world than GW Bush alone, and caused less deaths.

      ROFL. Declaring Hamas to be less harmful than George Bush. Nice troll.

    14. Re:Who out there still doesn't get it? by Lehk228 · · Score: 1

      gotta use extrans to put in fake tags

      --
      Snowden and Manning are heroes.
    15. Re:Who out there still doesn't get it? by tomjen · · Score: 1

      That is the reason I (at the school) don't care what I open - if it can infect the system the IT guys did not do their job. Not that I get much vira email

      --
      Freedom or George Bush
    16. Re:Who out there still doesn't get it? by WuphonsReach · · Score: 1

      1) have an ISP that doesn't block obviously infected attachments.

      Heck, even simply blocking all of the usual suspect attachment types (PIF, SCR, VBS, etc.) at the mail gateway is a big step forward.

      Our company blocks about 20-25 different attachment types at the gateway, which means we have a drastically smaller exposure risk. It also means we're not solely dependent on anti-virus at the client level or users who are smart enough not to do something stupid.

      --
      Wolde you bothe eate your cake, and have your cake?
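
The extension blocking described in the comment above, as an added example (not part of the original thread and not any poster's or vendor's code). It goes a little beyond a plain suffix match by checking both filename-bearing headers, ignoring trailing dots and spaces, and descending into forwarded messages. Only PIF, SCR and VBS come from the comment; the rest of the blocklist, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import collapse_rfc2231_value

# PIF/SCR/VBS are named in the thread; the other entries are an assumed policy.
BLOCKED_EXTENSIONS = frozenset({
    "pif", "scr", "vbs",
    "exe", "com", "bat", "cmd", "vbe", "wsf", "hta", "lnk", "cpl",
})


def final_extension(filename):
    """Return the extension Windows would act on, lower-cased, or ''."""
    # Drop any path component and non-printable characters.
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    base = "".join(ch for ch in base if ch.isprintable())
    # Windows ignores trailing dots and spaces, so "x.scr. " still runs as .scr.
    base = base.rstrip(". ")
    if "." not in base:
        return ""
    # Only the last extension matters: "holiday.jpg   .scr" is a screensaver.
    return base.rsplit(".", 1)[1].strip().lower()


def declared_names(part):
    """Collect every filename a MIME part declares; the two headers can disagree."""
    names = []
    for param, header in (("filename", "content-disposition"),
                          ("name", "content-type")):
        value = part.get_param(param, header=header)
        if value:
            names.append(collapse_rfc2231_value(value))
    return names


def scan_message(raw_bytes):
    """Return (filename, extension) for every part declaring a blocked type."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    # walk() also descends into attached message/rfc822 parts (forwarded mail).
    for part in msg.walk():
        for name in dict.fromkeys(declared_names(part)):  # de-duplicate, keep order
            ext = final_extension(name)
            if ext in BLOCKED_EXTENSIONS:
                findings.append((name, ext))
    return findings


def gateway_verdict(raw_bytes):
    """Reject the whole message if any part declares a blocked extension."""
    return "reject" if scan_message(raw_bytes) else "accept"


def build_sample(with_blocked_parts=True):
    """Constructed test message; addresses, names and payloads are made up."""
    inner = EmailMessage()
    inner["Subject"] = "Fw: pictures"
    inner.set_content("forwarded body")
    if with_blocked_parts:
        inner.add_attachment(b"placeholder bytes", maintype="application",
                             subtype="octet-stream",
                             filename="holiday.jpg   .scr")

    outer = EmailMessage()
    outer["From"] = "sender@example.com"
    outer["To"] = "user@example.com"
    outer["Subject"] = "constructed sample"
    outer.set_content("see attached")
    outer.add_attachment(b"%PDF-1.4 placeholder", maintype="application",
                         subtype="pdf", filename="report.pdf")
    if with_blocked_parts:
        outer.add_attachment(b"placeholder bytes", maintype="application",
                             subtype="octet-stream", filename="Notes.VBS.")
    outer.add_attachment(inner)  # becomes a nested message/rfc822 part
    return outer.as_bytes()


if __name__ == "__main__":
    for name, ext in scan_message(build_sample()):
        print(f"blocked: {name!r} (.{ext})")
    print("verdict:", gateway_verdict(build_sample()))
```

A filter like this only looks at declared names, so it complements rather than replaces content scanning at the gateway and on the client.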
    17. Re:Who out there still doesn't get it? by heinousjay · · Score: 1

      I think by the time you explained it, he got it.

      --
      Slashdot - where whining about luck is the new way to make the world you want.
    18. Re:Who out there still doesn't get it? by Anonymous Coward · · Score: 0

      A couple thousand Americans dead. Tens of thousands of Americans wounded, hundreds of thousands of Iraqis dead and wounded. All over a war that was based on false claims of weapons of mass destruction, etc. I don't think it's a troll.

    19. Re:Who out there still doesn't get it? by Anonymous Coward · · Score: 0

      Ha ha! That's true! Because anyone who would have voted for George Bush is clearly an idiot!

      Yes.

    20. Re:Who out there still doesn't get it? by The+NPS · · Score: 1

      I love me some porn as much as the next guy, but horrible risk of viruses aside, the last thing I want is try to check my e-mail without knowing if I'll be inundated with porn! I'd never be able to check my e-mail in public or at work.

    21. Re:Who out there still doesn't get it? by blincoln · · Score: 1

      if it can infect the system the IT guys did not do their job.

      Ah yes, the always lovely combination of denying personal responsibility for one's actions, the implication that anything less than perfection on the part of others is failure, and the dismissal of complex issues as someone else's problem.

      --
      "...always new atoms but always doing the same dance, remembering what the dance was yesterday." -Richard Feynman
    22. Re:Who out there still doesn't get it? by JohnnyLocust · · Score: 1

      Honestly, are there still computer users out there...even regular users...who don't know this is a bad idea by now???

      I'm guessing about 300,000 of them.

    23. Re:Who out there still doesn't get it? by tomjen · · Score: 1

      I don't expect the IT guys to be perfect, but I do expect them to be better than a simple virus sent in an email. If I had tried to hack the system, I would be to blame. There is however always at least one person on a large enough network that doesn't understand that they have received a virus. If any non-trusted person can infect the system (apart of course from their personal files) simply from running a virus then the security of the system is not good enough.

      Yes if I activated a virus on the network it would be my fault - but I would assume the IT guys put in some sort of system to prevent it, since their jobs consist of making sure the IT facilities are available.

      --
      Freedom or George Bush
  3. Seems fair enough to me by Threni · · Score: 4, Funny

    Darwin's virus, you could call it. As long as it disables their internet access too, I don't see the problem.

    1. Re:Seems fair enough to me by TripMaster+Monkey · · Score: 4, Informative

      As long as it disables their internet access too, I don't see the problem.

      Unfortunately, that is the problem....it's not going to disable internet access, as that would impair its ability to propagate.

      From F-Secure:
      The 'Nyxem.e' is a mass-mailing worm that also tries to spread using remote shares.
      And from E-Security Planet:
      Worm-Nyxem-E propagates via email. It sends a copy of itself using its own Simple Mail Transfer Protocol (SMTP) server. Having its own SMTP server allows it to send email messages without relying on email application like Microsoft Outlook.

      --
      ____

      ~ |rip/\/\aster /\/\onkey

    2. Re:Seems fair enough to me by Professor_UNIX · · Score: 1
      Having its own SMTP server allows it to send email messages without relying on email application like Microsoft Outlook.

      Yet more fuel for the fire of ISPs blocking outbound port 25/tcp connections because of spammers and worms.

    3. Re:Seems fair enough to me by clydemaxwell · · Score: 1

      actually a lot only block non-authenticated 25...so you can use your ISP provided email and no other.. this only protects in that it allows us to trace spammers to a registered account

      --
      Browsing with classic discussion, noscript, at -1 and nested
      no hidden comments and I only mod UP
    4. Re:Seems fair enough to me by nolife · · Score: 1

      this only protects in that it allows us to trace spammers to a registered account

      It also helps as the rogue SMTP engine would have to use your credentials to send email through your ISP mail server as well. Unless it can pluck that information from some common place in the registry, it would not be able to authenticate and send.

      --
      Bad boys rape our young girls but Violet gives willingly.
    5. Re:Seems fair enough to me by uncoveror · · Score: 1

      If you are looking for a virus that disables internet access, a sure-fire way to do that would be to take out the whole PC. Monkeypoo does just that!

      VIRUS WARNING: Attention: Computer Labs Inc., makers of Virucide antivirus software have identified a highly dangerous new Trojan worm, MONKEYPOO. It will usually appear in an e-mail with the subject, "Congratulations.You have won!" it will then prompt you to click a link to collect your cash prize. It can also freely spread across networks. Monkeypoo will read your address book, and mail a copy of itself to every address it finds, and it will look like you sent it. It will then invoke the secret self-destruct command held over from the original IBM PC's 8086 command set. This short line of code will cause the processor, ram, hard drive and any floppy drives to spin out of control and overheat until key components melt together, and will most likely cause a fire.

      James Winklee, a former IBM programmer had this to say. "We developed the self-destruct code so government agencies such as the FBI and CIA could quickly and completely destroy compromised computer systems before an enemy could get their hands on classified information. When we saw how violently a PC executing the command burst into flames, we decided not to publish its existence. It has been kept a secret successfully until now. If you get infected with the Monkeypoo Trojan worm, you may notice your computer going completely haywire. Physically unplug it from power as fast as you can, and send it in for repair. Only a professional can remove this one."

      While Computer Labs Inc and other antivirus software makers are working on a solution, they haven't got one a home user could successfully run yet. "This is the worst kind of malicious code I have ever seen." said Marcus Polan of Computer labs Inc. Use extreme caution. It is important that as many computer users as possible receive this warning, so send it out to as many people as you can. The entire Internet and every PC connected to it is at risk.

      --
      The Uncoveror: It's the real news.
  4. The motive? by antifoidulus · · Score: 5, Interesting

    From the article: "It shows a certain intelligence in its design but what's the motive?" he asked, "Pure vandalism does not ring true these days."

    Maybe economic chaos? The virus goes after MS Office files and pdfs, the files that are 9/10 the most economically valuable on a PC. I wonder what the impact of getting rid of massive amounts of these files would be?
    On the plus side, lazy grad students can now say, "The virus ate my thesis" :P

    1. Re:The motive? by dheltzel · · Score: 4, Insightful
      Maybe economic chaos? The virus goes after MS Office files and pdfs, the files that are 9/10 the most economically valuable on a PC. I wonder what the impact of getting rid of massive amounts of these files would be?

      Think of it as a long overdue purge of useless and redundant data on the systems of people who can't be bothered to learn a little about how their computer works or even listen to warning from people who do know a bit. Sort of a way of killing off all the stupid ideas and worthless information before they can do any more harm.

      I know that seems harsh, but the only way I learned how crucial backups are was due to some loss of data (personal, fortunately, not the kind that gets you fired). That lesson has remained fresh in my mind for nearly 20 years. If someone survives an attack without great loss, they are more inclined to be complacent about the next threat. If they do lose something of value, they will consider how to reduce their risk in the future (tested backups, run Linux, don't click on email attachments without caution, etc.).

    2. Re:The motive? by Zocalo · · Score: 3, Interesting
      That's kind of what I was thinking too, what with the reported increase in on-line extortion of the "pay us money or suffer a DDoS" type and all. You could mass mail some destructive worm like Nyxem, see which IPs phoned home to report an infection, and if you see evidence of a significant outbreak in a big network offer to disable the thing via its control channel for a "small" fee. It's getting a little close to the wire for effective blackmail based around Nyxem though, unless such attempts have not been made public of course...

      I have to admit I've been kind of hoping for something like Nyxem that wipes out data would come along for a while now. After all the mainstream media coverage of such worms and trojans, all of which have preached the "don't click on the attachment" line, there is simply no excuse for this kind of thing. Sure, there's not a lot that the less IT aware members of the population are going to be able to do about a 0-day exploit like the recent GDI vulnerability, but a mass-mailing and P2P worm? It's harsh, but I think that losing all their documents is the only way that the IT security message is going to reach some people, and if that wakes them up to more involved stuff as well, then so much the better.

      --
      UNIX? They're not even circumcised! Savages!
    3. Re:The motive? by HaydnH · · Score: 2, Funny

      "On the plus side, lazy grad students can now say, "The virus ate my thesis" :P"

      So Holmes, you're saying the culprit is a CS grad student with a project due in on the 4th of February?

      Elementary, my dear Watson...

      --
      Time is an illusion. Lunchtime doubly so. - Douglas Adams
    4. Re:The motive? by CastrTroy · · Score: 1

      If I was the Prof of that CS grad student, then I wouldn't give them any pity. Being a CS grad student means that you should be aware that only storing your paper on 1 disk is not a very good idea. Always make backups of your work. Possibly 2 or 3, depending on how important the assignment is. I always did offsite backups of my work, to my hosting company. I had heard enough horror stories of people who had their computer crash and lost all their work.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    5. Re:The motive? by minus9 · · Score: 1

      "I wonder what the impact of getting rid of massive amounts of these files would be?"

      I'd be more worried about the impact of files being modified rather than deleted. If a file disappears you'll probably know about it, if the number five in a few of your spreadsheets is turned into a one and all the ones into fives how long would it take to be discovered?

      The damage would be far worse if you can't tell the extent of it.

      I suppose at least knowing the date this virus is going to start screwing things up gives you a date for a last known good backup.

    6. Re:The motive? by Anonymous Coward · · Score: 0

      I learned my lesson when a virus corrupted all my .exe's -- and at that point antiviruses that could detect it could only remove it by deleting the .exe's, not cleaning.
      It was a terrible time.

  5. av precautions by AndyST · · Score: 3, Insightful

    I'd fancy a virus overwriting common software such as MS Word, Excel or Powerpoint.

    Jokes aside. A colleague wrote to the department to look out for the virus, backup all documents, bla bla.. I replied, being the one who installed the av software, that updates are run hourly and that everybody is safe if they apply the same precautions which they usually (should) do.

    So who is right? Me or the colleague who eventually said that my reply to all was counterproductive?

    1. Re:av precautions by mr_walrus · · Score: 1

      backups should be done on a scheduled basis by users *anyway*.
      lightning, floods and petty machinery theft could strike, not just viruses.

      so, i'd consider your colleague's advice to be "redundant."

    2. Re:av precautions by OzPeter · · Score: 2

      I would say that you are technically correct, but by doing a reply all that invalidated your colleagues original email, he feels like you smacked him down, ie that your reply also invalidated *him*.

      People are funny like that. No matter how valid your reply is, they take it personally when you point out that they are wrong.

      I once got a corporate wide email from some guy in some department somewhere, that was telling us to be aware of people calling you on the phone and asking us to punch in a series of digits on the phone's keypad, as that would allow the caller to pwn your long distance calling. This was straight up urban legend and 2 minutes on google found me the AT&T page explaining why that was a crock. I emailed this back to the original email writer pointing it out, and he replied that I apparently " .. had too much time on my hands"

      --
      I am Slashdot. Are you Slashdot as well?
    3. Re:av precautions by AntiDragon · · Score: 3, Insightful

      That's a loaded question! Woo...

      Depends on the reliability of your AV and how well it's monitored (i.e. Can you identify any non-protected machines quickly) as the Virus attempts to disable AV software. Remember - there's always a nice window of opportunity between a virus doing the rounds and your AV software being updated to detect it. In this specific example, it'd only need one infected machine with access to some general shares to cause havoc come February 3rd. Just one machine. AV won't stop a standard "Delete" command coming from an authenticated workstation.

      You're very likely perfectly safe. But never assume anything... :D

      As regards to backup, well, I'd never let users be responsible for backups anyway. That should be taken care of automatically - either to tape or secure off-site server storage (and preferably non-windows based) on a very regular basis. Relying on users for any part of data security is A Bad Thing (TM). It's not their fault, but they invariably make dangerous and costly mistakes.

      Besides, you just *know* that they're gonna copy the contents of their home directories to their workstation harddrives and then wonder how their files got deleted from both locations anyway....

      Damn, I'm cynical on a Monday!

      --
      "...So I hung back and lurked. For 18 months. Can't beat a good old-fashioned lurking."
    4. Re:av precautions by csirac · · Score: 2, Informative

      Backing up is incredibly easy compared to the loss of your data.

      Never put all your eggs in one basket. Trusting that "nothing bad will happen", trusting 3rd-party band-aids like virus scanners and patches only makes you unnecessarily vulnerable.

      Not backing up because you don't believe you will ever need it is just as bad as never patching or never updating your virus scanner, because you believe for some reason you'll never get a virus.

      It's incredibly easy to do, there are so many circumstances which can lead to the need for restoring from them, and there's nothing worse than that feeling of "how on earth did I end up with no good backup of my incredibly important data I can't afford to lose".

      And yes, I do speak from experience...

    5. Re:av precautions by andrewmc · · Score: 4, Insightful
      So who is right? Me or the colleague who eventually said that my reply to all was counterproductive?
      I'd agree with your colleague on two points: 1) Telling people not to worry about computer security is just plain wrong. Users need to have it in the backs of their mind that while you are indeed trying to protect them, that relying solely on that is an accident waiting to happen. 2) Suppose an infected machine does make it onto your network? Since the virus can destroy files on remote network shares, it is, as I understand it, still possible data loss can occur on remote machines that are "immune" to the virus.
    6. Re:av precautions by Anonymous Coward · · Score: 0

      A series of digits and some symbols - why, you could start a conference with the caller and another party (to which you just dialed).
        But the caller should have been in your organization

    7. Re:av precautions by Ykant · · Score: 1
      Regarding your "straight-up urban legend" - I (not a friend of my cousin) had the experience once of walking past the receptionist's desk at work one morning just as she was about to transfer some outside caller (claiming to be the phone company) to a dial tone.

      Curiously, they gave our receptionist exactly the proper sequence of keys to press in order to pick up another trunk, conference in an operator, and then drop out of the call. Of course, this varies from switch to switch. Being the thorough person she was, she actually wrote it down.

      The receptionist got a cookie for asking me if what this person was asking her to do was okay *before* she did it. I advised her to hang up, she told me that she wasn't permitted to hang up on callers, and I revoked her cookie before hanging up the phone myself.

      --
      Spelling, grammar, punctuation? We need something that checks logic.
  6. Is it really as widespread as claimed? by prefect42 · · Score: 3, Insightful

    We've had all sorts of warnings about this bugger, but I've yet to actually see an infected machine.

    Is this just hysteria whisked up by the AV vendors?

    --

    jh

    1. Re:Is it really as widespread as claimed? by limegreen · · Score: 1

      300,000 infections, but are they evenly spread out, or clustered in countries, companies and homes that take less precautions?

      Making an extra special backup on 2nd Feb of all your documents would not be a bad precaution.

    2. Re:Is it really as widespread as claimed? by Anonymous Coward · · Score: 0

      Quite probably.

      What needs more publicity are infections and malware that can get on to machines across networks or through injudicious browsing.

      Email infections - caught by stupid people
      Network / Browser infections - caught by people who think they are quite good with computers and become complacent
      H5N1 Bird Flu - caught by chicken-lovers

    3. Re:Is it really as widespread as claimed? by nelsonal · · Score: 1

      From a chart last Friday, India and Peru were home to most of the infections, only about 15k were in the US.

      --
      Degaussing scares the bad magnetism out of the monitor and fills it with good karma.
    4. Re:Is it really as widespread as claimed? by moyix · · Score: 1

      Have a look at LURHQ's stats for this worm. The short answer is, the 300,000 infections are mostly in non-US countries. India shows the highest infection rate.

    5. Re:Is it really as widespread as claimed? by fiddlesticks · · Score: 1

      from tfa

      'On February 3rd...' [something will happen]

      'I've yet to actually see an infected machine.'

      Written on Jan 30th

  7. It just HAS to be asked... by EyesofWolf · · Score: 0

    Was the parent modded insightful for the possibility of economic turmoil, or because of the idea to get grad students off the hook? I mean, this IS Slashdot...

    --
    "A wolf's eyes can see into your soul"
    My writing
  8. OT, but Important by Anonymous Coward · · Score: 0
    I couldn't agree more.

    Israel forcibly removes its own people from all of the settlements in the west bank, paving the way for an inevitable Palestinian state, as thanks, the Palestinians elect the party hell bent on the destruction of Israel.

    If I were Israel, I'd be figuring out the best way to push the Palestinians into the sea. (And then I'd nuke Syria, just as a means of saying to the rest of the Arab world that we're done 'trying to work things out.' No more escalation of force... From this point forward, we come out swinging.)

  9. Unfortunately... by Anonymous Coward · · Score: 1, Funny

    They breed.

  10. Hurry, before it's too late! by ticklejw · · Score: 5, Funny

    Now's a great time for porn-enjoying Windows users to switch to Linux! All the fun of free Internet porn with none of the viral infection.

    --
    "Software is like sex; it's better when it's free." -Linus Torvalds
    1. Re:Hurry, before it's too late! by Lysdexic2 · · Score: 2, Funny

      So, let me get this straight. I used to just have to worry about viral infections with real sex. Now I have to worry about infections with Internet sex as well? Where's it going to stop. Thinking about sex makes your palm pilot explode?

  11. The cynical side... by Zitchas · · Score: 1
    ...of me is of the opinion that we (people of the web) are better off without all those who aren't bright enough to avoid such a simple infection method. Now, if only the virus could transmit itself out of the computer and take down the user who, for all intents and purposes, installed the thing on it to begin with. Or at least permanently remove them from ever touching the web again.

    That being said, the web would probably be a bit scarier place if viruses/software had that kind of physical power...

    On the hopeful side, the more people who get burned by something like this, the more likely they are to take precautions in the future.

    Oh, and to those with similar points of view to mine in the IT industry, do any of you worry that you're going to get tagged with the blame when a chunk of your users lose some of their important docs? "It's the tech's responsibility to keep bad stuff off the network", after all.

    --
    Z
  12. the professionals don't get it, that's the problem by Anonymous Coward · · Score: 0

    And a lot of people at work couldn't do anything about it if they wanted to and were aware of it. Accidental changes to the OS such as infections are tolerated (you might get a lecture and a warning to stop being an idiot), but purposeful mucking about in the system (to attempt to clean it yourself) is forbidden and cause for dismissal.

    People on home computers are a different story altogether. It is hard for people to keep clean systems, and people get emails that look like they came from a friend. You are expecting 100% clean, and even if home users manage 99%, that means 1% non-clean, and as such they are called lusers. Uhh, why? THAT system is terribly broken and you really can't expect normal non coding non IT professional people to be able to deal with it when the professionals haven't come up with a workable solution yet, one that has been universally implemented across the operating system and ISP board. There are various plans, schemes and work arounds for the broken email system, and for the broken web surfing system that is now encouraging massive adoption of active scripting which exponentially increases chances of infections, but it is by no means a fait accompli yet. We still (basically) have the same insecure email system we had decades ago, and the web surfing experience is more insecure by default design. The professionals have insisted and implemented bling over security, year after year after decade. It's really only been in the past year that the big three desktop OSes, windows (all service patches included), mac (ditto), linux (major vendors got a clue and turned services off in default installs), shipped anything even remotely secure out of the box, and that still doesn't address the broken email system.

  13. everyone uninterested in sex didn't reproduce by Russ+Nelson · · Score: 1

    The problem is that everyone alive today is the descendant of a *continuous* stream of hundreds of generations of people with an interest in sexual intercourse. Everyone who didn't have that interest didn't reproduce. Sex doesn't just sell, it drives most things that we do.
    -russ

    --
    Don't piss off The Angry Economist
    1. Re:everyone uninterested in sex didn't reproduce by The+NPS · · Score: 1

      Yep, few years, there's a whole new generation of people ready to make the same mistakes we've just learned to stop making.

  14. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  15. Old, covered by McAfee since Dec 05? by Shadow_139 · · Score: 1

    From McAfee site it has been covered since 02-12-05? (Minimum DAT: 4642 (12/02/2005)) People should be updated by now....

    1. Re:Old, covered by McAfee since Dec 05? by CowboyBob500 · · Score: 1

      What, are the staff at McAfee time travellers? From TFA:-

      The Nyxem-E Windows virus first emerged on 16 January

      Bob

  16. Please be specific by Princeofcups · · Score: 3, Informative

    DoddyUK writes "The BBC is reporting that the countdown has begun for the Nyxem *Microsoft Windows* virus. On February 3rd, common *Microsoft format* documents such as MS Word, Excel or Powerpoint will be overwritten on infected *Microsoft Windows* machines. Over 300,000 *Microsoft Windows* machines have been infected thus far, the main method of infection being the promise of porn in unsolicited emails."

    jfs

    --
    The only thing worse than a Democrat is a Republican.
  17. Missing the point by Joiseybill · · Score: 3, Informative

    This virus is very likely a POC and an advance guard to hold doors open for future infection or botnets.
    As stated by others already, LURHQ has distribution stats. http://www.lurhq.com/blackworm.html US infections only number about 5% of total. Peru and India have most of the worldwide population of this. (this is ip-based, and may not be reliable.)
    I haven't seen another mention, but SANS Storm Center has been following this - and actually has made an offer to sysadmins to share info. They limit the info they will give; if you can reasonably establish that you are the RP for a network or subnet - they will send you a list of known infections in your IP range. They have already sent out notice messages to admins of record (whomever the abuse or tech contact is currently on the whois lookup) using a script. [Check the ISC pages if you really want to know - I don't want to flood them by posting a direct email link here.]
    Referred to in the SANS/ISC history on this http://isc.sans.org/blackworm and previous pages - Fortinet has done extensive analysis. This virus has several actions. Most folks already know it deletes files, breaks AV software, and spreads over Windows shares. What hasn't seen much daylight is that it drops a bunch of registry entries that grant "trusted" status to the virus. http://www.fortinet.com/VirusEncyclopedia/search/encyclopediaSearch.do?method=viewVirusDetailsInfoDirectly&fid=119856 I'm not an expert on this mechanism - but I'd assume that any machine with these "bad" trusts in place could easily be compromised later using code that is authenticated against these bad keys.
    I read M$' page on this virus, http://www.microsoft.com/security/encyclopedia/details.aspx?name=Win32%2FMywife.E%40mm as well as a few AV pages. None mention these keys, so I would assume they don't fix this problem.
    Any system that has been infected and then cleaned will probably retain these falsified certificates. This leaves a big hole in place, while some users (even the " all your AV is updated hourly folks.. return to your seats" IT guy) - will have a false sense of security on this.
    Thankfully, many AV programs discovered this virus Heuristically. (see links to LURHQ & others) McAfee, Panda, NOD32, and several others identified and blocked this virus without needing a signature update. This may be why we don't have 2 million AOL/Comcast sheep spreading the virus.
    This should serve as a strong reminder to backup religiously, use defense-in-depth, and enforce strong registry policies when Windows systems are implemented.

  18. pdf's also by Bob+4knee · · Score: 1

    It does just infect MS OS, but it claims to delete some useful file types also (pdf comes to mind, there are probably more).

  19. A rare thing these days? by philntc · · Score: 1

    A destructive worm is a real throwback to old school nastiness. Who hasn't learned the lesson that destroying the host (or at least attracting attention) really diminishes the lifespan of an infection.