|The Nyxem-D worm can pose as pictures of the Kama Sutra.|
Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned users to be wary of unsolicited emails claiming to contain obscene pictures and sex movies.
The W32/Nyxem-D worm (also known as Email-Worm.Win32.VB.bi, Blackworm, or W32.Blackmal.E@mm) can spread via email using a variety of pornographic disguises, in an attempt to disable security software. If launched it tries to disable a number of anti-virus and firewall products, and attempts to harvest other email addresses from the infected computer, in an effort to spread itself further.
Subject lines used in the malicious emails include the following:
Arab sex DSC-00465.jpg
Fuckin Kama Sutra pics
Fwd: Crazy illegal Sex!
give me a kiss
Miss Lebanon 2006
Part 1 of 6 Video clipe
School girl fantasies gone bad
The Best Videoclip Ever
"Companies should educate their users to practise safe computing - that includes never opening unsolicited email attachments and discouraging the sending and receiving of joke files, pornography and funny photographs and screensavers," said Graham Cluley, senior technology consultant for Sophos. "This worm feeds on people's willingness to receive salacious content on their desktop computer, but they could be putting their entire company's data at risk."
The W32/Nyxem-D worm has a destructive payload, which triggers on the third day of any month, destroying DOC, XLS, MDB, MDE, PPT, PPS, ZIP, RAR, PDF, PSD and DMP files by replacing their contents with the string:
DATA Error [47 0F 94 93 F4 K5]
Sophos automatically updated customers with protection against the W32/Nyxem-D Windows worm, which does not infect Macintosh computers, at 16:03 GMT on 16 January 2006.
Sophos recommends companies protect their email with a consolidated solution to thwart the virus and spam threats as well as secure their desktop and servers with automatically updated anti-virus protection.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.