US-CERT Alert: Nyxem Mass-mailing Worm
January 25, 2006 -- US-CERT is aware of a new mass-mailing worm known as Nyxem (CME-24). This worm relies on social engineering to propagate. Specifically, the user must click on a link or open an attached file.
The Nyxem worm targets Windows systems that hide file extensions for known file types (this is the default setting for Windows XP and possibly other versions). The worm's icon makes it appear to be a WinZip file. As a result, the user may unknowingly start the worm.
Once a Windows system is infected, the malicious code may:
* Attempt to harvest email addresses stored on the infected system
* Utilize its own SMTP engine to send itself to the harvested email addresses
* Disable anti-virus and file sharing programs
* Spread itself using all available Windows network shares on the infected system
* Modify the active Desktop
In addition, on February 3, 2006, the worm will corrupt files and make them unusable by overwriting them with a small text message. The files with the following extensions are targeted on this date: DOC, XLS, MDB, MDE, PPT, PPS, ZIP, RAR, PDF, PSD and DM.
US-CERT strongly encourages users and system administrators to implement the following workarounds:
* Install anti-virus software, and keep its virus signature files up-to-date
* Block executable and unknown file types at the email gateway
Additionally, US-CERT strongly encourages users not to follow unknown links, even if sent by a known and trusted source. Users may also wish to visit the US-CERT Computer Virus Resources for general virus protection information.
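One way to apply the "block executable and unknown file types" workaround at a mail filter, shown as an added example that is not part of the US-CERT alert: it classifies each attachment by its real final extension, which is the part Windows hides when extensions for known file types are not displayed. The extension lists, function names and sample filenames are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumption: illustrative lists, not taken from the alert; set them per site policy.
BLOCKED = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".hta"}
ALLOWED = {".txt", ".pdf", ".doc", ".xls", ".ppt", ".zip", ".jpg", ".png"}

def classify(filename):
    """Return (verdict, reason) for one attachment filename."""
    # Windows ignores trailing dots and spaces, so drop them before inspecting.
    name = filename.strip().rstrip(". ").lower()
    parts = [p.strip() for p in name.split(".")]
    if len(parts) < 2:
        return "block", "no extension (unknown type)"
    last = "." + parts[-1]
    prev = "." + parts[-2] if len(parts) > 2 else None
    if last in BLOCKED:
        if prev in ALLOWED:
            return "block", f"executable {last} hidden behind {prev}"
        return "block", f"executable type {last}"
    if last not in ALLOWED:
        return "block", f"unknown type {last}"
    return "allow", "allowed type"

def scan_message(raw_bytes):
    """Classify every attachment in a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    return [(p.get_filename() or "", *classify(p.get_filename() or ""))
            for p in msg.iter_attachments()]

def build_sample():
    """Constructed test message; filenames are made up for this example."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("see attached")
    for fname in ("photos.zip.exe", "report.pdf", "notes.xyz", "README"):
        m.add_attachment(b"x", maintype="application",
                         subtype="octet-stream", filename=fname)
    return m.as_bytes()

if __name__ == "__main__":
    for fname, verdict, reason in scan_message(build_sample()):
        print(f"{verdict:5} {fname!r}: {reason}")
```

Extension checks only cover the filename; a gateway policy would normally pair them with content inspection of the attachment itself.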
Source: US-CERT