Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned users not to panic over the threat posed by the Nyxem-D worm (also known as Blackworm, Email-Worm.Win32.VB.bi, Win32/Mywife.e or W32.Blackmal.E@mm), which is programmed to wipe data on infected computers on Friday 3 February, but to take calm action.
"When you panic, you make mistakes," said Graham Cluley, senior technology consultant for Sophos. "Sit down, have a cup of tea, and work out if you have done everything you should have done to ensure your computer isn't at risk from the Nyxem worm, and indeed any of the other 120,000 pieces of malware in existence."
The W32/Nyxem-D worm, which can pose as pictures of the Kama Sutra, has a destructive payload, which triggers half an hour after a computer is booted on the third day of any month, destroying DOC, XLS, MDB, MDE, PPT, PPS, ZIP, RAR, PDF, PSD and DMP files by replacing their contents with the phrase:
DATA Error [47 0F 94 93 F4 K5]
Sophos automatically updated customers with protection against the W32/Nyxem-D Windows worm, which does not infect Macintosh computers, at 16:03 GMT on 16 January 2006. Experts believe that home users may be at more risk than businesses because typically they take security issues less seriously.
"Most businesses have been successfully protecting against this worm for a couple of weeks," continued Cluley. "Home users who have not been updating their software may be at risk if they are in the habit of opening unsolicited attachments in emails with dodgy sounding subject lines. Even if they are infected, and do nothing, and the worm demolishes their data on Friday, they should be able to recover if they have a recent backup. Anyone who suffers from this worm's payload simply hasn't been practising safe computing."
Sophos warns that focusing too much on Nyxem's threat on Friday 3 February may leave people unaware of other malware risks.
"The damage caused by W32/Nyxem-D has stirred up the public interest because it sounds really terrible - but in many ways, it is the less visible malicious payloads delivered by other malware which can be far worse," continued Cluley. "You may be able to recover the files deleted by Nyxem by going to backup or retyping the content. But you can never get back files which a hacker stole from your PC using a backdoor Trojan. You can never untype keystrokes which were captured by a keylogger. You can never unsend the thousands of emails spammed out if your computer is a zombie."
"Bottom line - if you're worried about Nyxem-D now is the time to look for it, but maybe if you're worried about that you also have reason to be worried about all the other malware out there," said Cluley. "In January we saw 2,312 brand new pieces of malware, that's over 500 every single week."
Sophos suggests that computer users who are concerned that they may be at risk ensure that their anti-virus software is properly installed and up-to-date, and that unsolicited email attachments are not opened. Additionally, PC users should ensure that they have patched their computer against the latest Windows security vulnerabilities, and that a client firewall is installed. Backups of valuable data should be routine both inside businesses and at home.
Sophos recommends companies protect their email with a consolidated solution to thwart the virus, spyware and spam threats as well as secure their desktop and servers with automatically updated anti-virus protection.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.