In this section

• Home
• Press office
• News archive
• Articles
• 2006
• 01

• Journalists' guide
• News archive

Talk to our experts

• Press contacts

Resources

• Sophos Podcasts
• SophosLabs blog
• Image gallery
• Customer case studies
• Free anti-virus
• White papers
• Awards and reviews
• Industry affiliations

Info feeds

• Security news
• Company news

• Security news
• Company news

What are info feeds?

18 January 2006

Obscene Kama Sutra worm spreads via email Data destroying payload set to trigger on 3 February

The Nyxem-D worm can pose as pictures of the Kama Sutra.

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned users to be wary of unsolicited emails claiming to contain obscene pictures and sex movies.

The W32/Nyxem-D worm (also known as Email-Worm.Win32.VB.bi, Blackworm, or W32.Blackmal.E@mm) can spread via email using a variety of pornographic disguises, in an attempt to disable security software. If launched it tries to disable a number of anti-virus and firewall products, and attempts to harvest other email addresses from the infected computer, in an effort to spread itself further.

Subject lines used in the malicious emails include the following:

*Hot Movie*
Arab sex DSC-00465.jpg
Fuckin Kama Sutra pics
Fw: SeX.mpg
Fwd: Crazy illegal Sex!
give me a kiss
Miss Lebanon 2006
Part 1 of 6 Video clipe
School girl fantasies gone bad
The Best Videoclip Ever

"Companies should educate their users to practise safe computing - that includes never opening unsolicited email attachments and discouraging the sending and receiving of joke files, pornography and funny photographs and screensavers," said Graham Cluley, senior technology consultant for Sophos. "This worm feeds on people's willingness to receive salacious content on their desktop computer, but they could be putting their entire company's data at risk."

The W32/Nyxem-D worm has a destructive payload, which triggers on the third day of any month, destroying DOC, XLS, MDB, MDE, PPT, PPS, ZIP, RAR, PDF, PSD and DMP files by replacing their contents with the string:

DATA Error [47 0F 94 93 F4 K5]

Sophos automatically updated customers with protection against the W32/Nyxem-D Windows worm, which does not infect Macintosh computers, at 16:03 GMT on 16 January 2006.

Sophos recommends companies protect their email with a consolidated solution to thwart the virus and spam threats as well as secure their desktop and servers with automatically updated anti-virus protection.

• Bookmark with del.icio.us
• Submit this story to digg
• Submit this story to slashdot

About Sophos

Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com

See also:

• Sophos urges calm as panic over Nyxem worm attack spirals
• Sign up now for free notification of new viruses found in the wild
• RSS security news and live virus information feeds