Rhino
01-23-2006, 11:39 AM
There's yet another new and nasty worm circulating, but it has a dangerous twist that not all of the antivirus vendors have picked up on yet, at least not if you take their web sites at face value. The SANS Internet Storm Center (ISC) is reporting analysis by F-Secure that a new worm F-Secure calls Nyxem_e will delete numerous files off of a computer on the third of each month if the update file runs on that day (automatic when you log on). So far, none of the other antivirus sites are mentioning this file deletion payload, for what reason is unknown. However, all of the major vendors do have detection signatures for this worm, so you should be okay if your virus definitions are up to date (translation: make sure they are before Feb 3rd). The SANS ISC link for this issue is:
http://isc.sans.org/diary.php?date=2006-01-22
As usual, the different antivirus vendors have different names for this malware. Some are listed below with links:
W32.Blackmal.E@mm (http://securityresponse.symantec.com/avcenter/venc/data/w32.blackmal.e@mm.html) [Symantec]
W32/Nyxem-D (http://www.sophos.com/virusinfo/analyses/w32nyxemd.html) [Sophos]
W32/MyWife.d@MM (http://vil.nai.com/vil/content/v_138027.htm) [McAfee]
W32/Grew.A!wm (http://www.fortinet.com/VirusEncyclopedia/search/encyclopediaSearch.do?method=viewVirusDetailsInfoDirectly&fid=119856) [Fortinet]
W32/Small.KI@mm (http://www.norman.com/Virus/Virus_descriptions/28031/en-us) [Norman]
Win32/Blackmal.F (http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=50198) [Computer Associates]
Tearec.A (http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?lst=det&idvirus=105192) [Panda]
The F-Secure link is http://www.f-secure.com/v-descs/nyxem_e.shtml