Experts at SophosLabsâ„¢, Sophos's global
network of virus, spyware and spam analysis centers, have warned
users not to panic over the threat posed by the Nyxem-D worm (also
known as Blackworm, Email-Worm.Win32.VB.bi, Win32/Mywife.e or
W32.Blackmal.E@mm), which is programmed to wipe data on infected
computers on Friday 3 February, but to take calm action.
"When you panic, you make mistakes," said Graham Cluley, senior
technology consultant for Sophos. "Sit down, have a cup of tea, and
work out if you have done everything you should have done to ensure
your computer isn't at risk from the Nyxem worm, and indeed any of
the other 120,000 pieces of malware in existence."
The W32/Nyxem-D
worm, which can pose as pictures of the Kama Sutra, has a
destructive payload, which triggers half an hour after a computer
is booted on the third day of any month, destroying DOC, XLS, MDB,
MDE, PPT, PPS, ZIP, RAR, PDF, PSD and DMP files by replacing their
contents with the phrase:
DATA Error [47 0F 94 93 F4 K5]
Sophos automatically updated customers with protection against
the W32/Nyxem-D Windows worm, which does not infect Macintosh
computers, at 16:03 GMT on 16 January 2006. Experts believe that
home users may be at more risk than businesses because typically
they take security issues less seriously.
"Most businesses have been successfully protecting against this
worm for a couple of weeks," continued Cluley. "Home users who have
not been updating their software may be at risk if they are in the
habit of opening unsolicited attachments in emails with dodgy sounding
subject lines. Even if they are infected, and do nothing, and
the worm demolishes their data on Friday, they should be able to
recover if they have a recent backup. Anyone who suffers from this
worm's payload simply hasn't been practising safe computing."
Sophos warns that focusing too much on Nyxem's threat on Friday
3 February may leave people unaware of other malware risks.
"The damage caused by W32/Nyxem-D has stirred up the public
interest because it sounds really terrible - but in many ways, it
is the less visible malicious payloads delivered by other malware
which can be far worse," continued Cluley. "You may be able to
recover the files deleted by Nyxem by going to backup or retyping
the content. But you can never get back files which a hacker stole
from your PC using a backdoor Trojan. You can never untype
keystrokes which were captured by a keylogger. You can never unsend
the thousands of emails spammed out if your computer is a
zombie."
"Bottom line - if you're worried about Nyxem-D now is the time
to look for it, but maybe if you're worried about that you also
have reason to be worried about all the other malware out there,"
said Cluley. "In January we saw 2,312 brand new pieces of malware,
that's over 500 every single week."
Sophos suggests that computer users who are concerned that they
may be at risk ensure that their anti-virus software is properly
installed and up-to-date, and that unsolicited email attachments
are not opened. Additionally, PC users should ensure that they have
patched their computer against the latest Windows security
vulnerabilities, and that a client firewall is installed. Backups
of valuable data should be routine both inside businesses and at
home.
Sophos recommends companies protect their email with a consolidated solution to thwart the virus, spyware
and spam threats as well as secure their desktop and servers with
automatically updated anti-virus protection.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.