According to SecurityFocus news, Nyxem.e/Blackmal.e/MyWife.e is spreading rapidly in India, Turkey, Italy ...
Read more about the news article here
This came up shortly after I posted my views/rough analysis of the worm.
Update: F-Secure has released a disinfection utility called F-Force for Nyxem.e
Regards
Friday, January 27, 2006
Nyxem.e is a mass-mailing worm; it sends an attachment with the file type .bhx (which actually is the worm). I was not surprised when an institute where I had studied was infected with the worm (no anti-virus installed either), so the possibility of infection was very high. I won't be surprised if the worm spreads to all their students' email and in turn to their friends/contacts.
Some behavioral details
1) Coded in Microsoft Visual Basic; it uses remote shares to spread itself.
2) Nasty payload: deletes files of the following types: *.doc / *.xls / *.mdb / *.mde / *.ppt / *.pps / *.zip / *.rar / *.pdf / *.psd / *.dmp
3) It poses as a WinZip file (which is more threatening).
4) It evades anti-virus vendors in the same way MyDoom did, by not sending emails to their domains.
5) It also kills the following services (anti-virus products):
SYMANTEC / SCAN / KASPERSKY / VIRUS / MCAFEE / TREND MICRO / NORTON / REMOVAL / FIX
So even if the institute I mentioned had an anti-virus, it would probably have been one of the leading AVs, and this makes installing an anti-virus futile.
I was particularly interested in this one because its payload deletes almost all essential files on the hard disk on Feb 3, or on the 3rd day of any month. This is carried out by an executable called update.exe that is loaded into memory (update.exe is created by the worm). I haven't fully analysed the worm.
I have just outlined some of the key features which make it deadly.
Regards
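The post notes that the worm arrives as a .bhx attachment and poses as a WinZip file. The following is an added example (not the post's code) of a mail-gateway triage check for exactly those two traits: it flags BinHex attachments and "archives" whose decoded bytes start with a PE header. The gateway hand-off, the extension lists and the sample message are my assumptions, constructed for the demo.

```python
"""Mail-gateway triage for worm-style attachments (added example, not the post's code).

Assumption (mine, not the post's): a gateway hands us the raw RFC 5322 message
bytes; the sample message built below is constructed for the demo.
"""
import email
import os
from email import policy
from email.message import EmailMessage

# The post says the worm arrives as a .bhx attachment; .hqx is the other
# common BinHex extension (my addition, not from the post).
SUSPECT_EXTENSIONS = {".bhx", ".hqx"}
# The post says the worm poses as a WinZip file, so archive names get a content check.
ARCHIVE_EXTENSIONS = {".zip", ".rar"}
PE_MAGIC = b"MZ"  # first two bytes of every Windows executable


def triage_message(raw: bytes) -> list[dict]:
    """Return one finding per suspicious attachment; an empty list means clean."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = os.path.splitext(name)[1].lower()
        payload = part.get_payload(decode=True) or b""
        if ext in SUSPECT_EXTENSIONS:
            findings.append({"file": name, "reason": "binhex attachment"})
        # An "archive" whose bytes begin with the PE header is an executable in disguise.
        if ext in ARCHIVE_EXTENSIONS and payload.startswith(PE_MAGIC):
            findings.append({"file": name, "reason": "executable disguised as archive"})
    return findings


def build_sample_message() -> bytes:
    """Constructed test message: one .bhx attachment, one fake zip, one harmless text file."""
    msg = EmailMessage()
    msg["From"] = "someone@example.invalid"
    msg["To"] = "student@example.invalid"
    msg["Subject"] = "photos"
    msg.set_content("see attached")
    msg.add_attachment(b"(This file must be converted with BinHex 4.0)\r\n:dummy",
                       maintype="application", subtype="mac-binhex40", filename="photos.bhx")
    msg.add_attachment(b"MZ" + b"\x00" * 62, maintype="application", subtype="zip",
                       filename="invoice.zip")
    msg.add_attachment("just notes", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for f in triage_message(build_sample_message()):
        print(f"{f['file']}: {f['reason']}")
```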
Tuesday, January 24, 2006
Monday, January 09, 2006
My primary 40 GB HDD crashed, and I declared it unusable as soon as I got a couple of data read/write errors (accompanied by a CRC error for the HDD). I still wanted to try to make it reusable instead of throwing it away ... Hoping to make something happen, I installed Win2000 SP4 and a VMware image. As soon as I started working ... I again got these BSODs (errors as mentioned above). I finally formatted it again fully, and I won't throw it away ... but I will keep it as a souvenir/memoir or whatever I feel like calling it ... I am planning to buy a 10-20 GB HDD to get back the setup for working on vulns/malware.
Pray for my new hdd's health...
Regards