Rixstep
 About | ACP | Buy | Industry Watch | Learning Curve | News | Search | Test
Home » Industry Watch

This Week's Windows News: The Nyxem Countdown

It's a surprising move.


Everybody caught their breath? Everyone got over the WMF flaw hysteria and Steve Gibson's latest trick or treat? It's time again, and this one's slated to explode on 3 February, proving once again that an Internet neighbourhood with Windows users is a weird (and decidedly unsavoury) neighbourhood.

OK: read this. 'WINZIP_TMP.exe'. Seen that file? It's a belated benign gift from Father Xmas himself. He's sorry he was late. If you have it on disk, open it and have fun. And happy Xmas.

For inside is packed something the pundits are calling Nyxem. It's a sort of up and coming virtual chlorinator.

Also called the Kama Sutra Worm (because it has so many different ways to screw you) Nyxem is programmed to overwrite lots of files in a few days and it's already spread like wildfire, says Mikko Hypponen of F-Secure.

Nyxem overwrites files by truncating their length to the following message.

DATA Error [47 0F 94 93 F4 K5]

It goes on a hunt and destroy across your hard drive(s) and does the above to all files with the following extensions.

DOC, XLS, MDE, MDB, PPT, PPS, RAR, PDF, PSD, DMP, ZIP

Some variants are also rumoured to target boot.ini, Program Files, and system32.

LURHQ Corporation's Threat Intelligence Group [sic] has a side show prepared for those who just want to watch.

http://lurhq.com/blackworm-stats.html

Currently Nyxem's hit only 300,000 machines, but it's not planning on propagating forever - no, in the interest of all that is good, it will start on 3 February wiping out the above listed files from hard drives. And it will do this the third of every month until Windows is gone from the Internet for good.

And in a surprising move (and as intimated above) the author(s) of Nyxem have chosen to target Windows computers and Windows computers alone. Why this change is not known, but users of other platforms can only watch idly from the sidelines and wish Nyxem the Kama Sutra Worm the best of luck.

Nyxem spreads through mail, which reveals a recurring paradox: how can people who were smart enough to choose Windows over other platforms ever be so stupid as to open obscenely suspicious mail attachments? The experts are scratching their heads over this one.

By this morning Nyxem accounted for 35% of all virus traffic on the Internet.

Simultaneously Windows accounted for 100% of all virus traffic on the Internet.

Using a technique from the Stone Age (found in the six year old Love Bug) Nyxem penetrates the otherwise rock solid defenses of Windows, grabs the Outlook address book, and starts propagating itself. Viciously.

Six years and the clueless still don't have a clue. Cross your fingers and hope Nyxem does its job - by this time next year it'll be a registered brand used in gene pools.

About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search | Substack
Copyright © Rixstep. All rights reserved.