I can confirm that it is true. I found out about it myself yesterday. Apparently, 60,000 systems in the UK are affected.
|
It's not as great a threat as made out by the media according to the experts. Some brief details from PC Advisor:
"Security researchers have given the worm a variety of names. Microsoft calls it Win32/Mywife.E@mm, but it is also known as Nyxem, Blackdoom, W32.Blackmal.E@mm, Tearec and Kama Sutra.
"If a PC is to become infected by Nyxem, a user must first click on a PIF (Program Information File) file attached to an email, which is typically blocked by corporate antivirus software", according to Russ Cooper, senior information security analyst at Cybertrust.
"If you're letting it through and you're a company, then you probably don't have antivirus. So you've already got a problem," he said.
PIFs are data files used to help programs written for Microsoft's pre-Windows DOS run in a Windows environment.
Nyxem does not rely on a Windows vulnerability, but instead uses 'social engineering' techniques to spread, tricking users to click on files that promise racy content such as "Miss Lebanon 2006" or "School girl fantasies gone bad", according to security researchers.
Johannes Ullrich, chief research officer at the SANS Institute, agreed that the majority of users do not need to worry about Nyxem. "The story here is if you are hit, you do have other vulnerabilities on top of this problem," he explained.
Microsoft's website advice is to use up-to-date antivirus software, most of which can detect the Nyxem infection, and to use caution before opening unknown email attachments.
A more detailed explanation of the worm:
www.updatexp.com/nyxem-e.html
By the way this is an excellent website for XP users..:-)
- - - - - - - - - - - - - - - - - - - - -
What's for you won't pass you by
|
McAfee have it rated as low risk for corporate and home users. What sort of moron opens a mail titled crazy illegal sex?
|
This one isn't a hoax, and is very clever in its propagation - depending on variant:-
* Rifles your address book, creates its own mail engine and emails everyone you know with itself
* Hunts around your LAN or anything else it can see looking for vulnerable shares. If it finds any, it installs itself and repeats
* Best of all, on the 3rd of each month it will delete ten different types of important files from your computer - the word docs, excel files etc that would represent losing your own work
If you run task manager (CTRL-ALT-ESC) and select processes, it shows as winzip.exe or update.exe running all the time. If it's there, your anti-virus hasn't caught it. To remove it, you can go to Sophos or Symantec and download a tool for free to get rid.
It's a good time to look at your system though -
* Is your antivirus updating successfully? Is it set to do anything once it finds a virus (you'd be surprised that a lot of them default to do nothing, not even disinfect)
* Are you getting and installing the latest updates from Microsoft and other software vendors you use on your computer?
* Do you have reliable backups? It's not enough to backup your documents, try a restore now and again (even a couple of files) to make sure it will work when you need it
This is a nasty virus, they normally don't carry such a destructive payload so I think it's worth spending time ensuring you've not got it - at least do the three steps above - you've nothing to lose by checking your vulnerability.
The virus is only minor if it doesn't hit you, and believe me, you don't want this running on your computer, and especially not tomorrow.
--Lee .. Welcome to Anytown USA
|
>>This is a nasty virus,>>
It's actually a worm but the advice from key quarters is that if your AV is up to date and you take the normal precautions, then you should be OK.
One bit of advice, if you use Outlook Express, is to PERMANENTLY disable the Preview Pane.
Otherwise just merely clicking on an infected e-mail can set nasties in action.
With the Preview Pane disabled, you get a list of your e-mails. By highlighting and then right clicking you can read the header and also the message itself.
Any doubts, just keep Cancelling and then delete the e-mail by using the Toolbar's Delete button.
- - - - - - - - - - - - - - - - - - - - -
What's for you won't pass you by
|
>>It's actually a worm
Worm/Virus, who cares? The average user and therefore the people taking the advice won't know and aren't bothered about the difference. Most people understand what a "virus" is.
>>but the advice from key quarters is that if your AV
Anti-virus - are you sure, you said it was a worm, perhaps I need some anti-worm software?
>>is up to date and you take the normal precautions, then you should be OK
Which is why I've detailed what these precautions are - for people who don't naturally understand these things.
Just realised the key combo is CTRL-SHIFT-ESC for task manager, late typing makes for typos!
Stuartli seems to be inferring this isn't anything too much to worry about. I say otherwise - check the stuff I list and be sure you're not going to get bitten by it.
--Lee .. Welcome to Anytown USA
|
>>seems to be inferring this isn't anything too much to worry about. I say otherwise >>
Microsoft states clearly that if your security measures are in place and up to date and you observe the usual precautions, then there is little to worry about.
It requires a certain set of procedures to actually set the worm into action and the majority wouldn't undertake them in the first place. The people most at risk are those who can't or won't install appropriate security measures.
As a personal note of comfort, I can sit back and relax to a large extent, thanks to Mozilla's Thunderbird and Firefox...:-)
Thunderbird is "trained" to automatically dump scam and dubious e-mails instantly.
Interestingly, 99.9 per cent of such e-mails I receive arrive from Tiscali; my other ISP, Pipex, has delivered just one in the 10 years I've been with it.
A quick e-mail to its support department about the unwanted e-mail brought a quick response and an immediate solution.
- - - - - - - - - - - - - - - - - - - - -
What's for you won't pass you by
|
Stuart
It's not quite as simple as that. This thing also uses Windows Shares to self-propagate, not just the "click here for naughty ladies" email scam. If you have a laptop that connects to a company network, or if someone connects a laptop to your home network and passwordless sharing is enabled, you may have a problem. If you did this before antivirus programs were updated you may have a problem because this can disable/uninstall (updated) virus signatures if it's already in place. Then there is the backup problem. If this thing is in your backup files and you have to rebuild your system, you'd better make sure you update antivirus sigs before putting the files back.
I'm with Lee on this and I don't see how Firefox will save you, since this has nothing to do with browser vulnerabilities. On the other hand it's comforting to see an honest to goodness destructive payload again after all this time. This may not be the best at spreading, but the consequences of being hit by it are very unpleasant.
Despite being a Linux and Mac OS X user (for which there are no self-propagating viruses/worms in the wild) I'm still running antivirus software to stop nasties from the dark s... ahem, Windows users from spreading via infected files I may legitimately pass on.
As you say, what's for you won't...
Baskerville
|
virus or worm ?
of course citroenian (lee) is right to call it a virus.
since stuartli quotes microsoft as an authority on these matters "... Microsoft states clearly that if your security measures ..."
i will support lee by quoting from:
www.microsoft.com/athome/security/viruses/intro_vi...x
"....Some viruses that are more sophisticated, such as worms, ...."
and is also supported by
www.webopedia.com/DidYouKnow/Internet/2004/virus.a...p
"A worm is ..... a sub-class of a virus. "
but as lee says, viruses, worms, who cares what you call them. they are all nasties.
|
Stuart, are you deliberately trying to wind me up?
>>Microsoft states clearly that if your security measures are in place and up to date and you observe the usual precautions, then there is little to worry about
There's a couple of posts above yours that make exactly this point. Microsoft and me are both saying the same thing. Check that you're up to date and have taken precautions. Otherwise, worry.
>>It requires a certain set of procedures to actually set the worm into action
No, it doesn't. If you're on or access a network with an infected computer and you've not done what both Microsoft and I suggest, you could well get infected. But good luck with your alternative browser and mail client. It's not like they run on a Microsoft operating system.
You do add a lot to this forum, but at times your pedantry is quite annoying.
--Lee ..
|
This is the Microsoft website information:
tinyurl.com/b49w3
One of the main reasons I switched to Firefox and Thunderbird about a year ago was due to the seemingly never ending problems with Internet Explorer and Outlook Express, plus the constant almost daily requirement to keep them updated.
- - - - - - - - - - - - - - - - - - - - -
What's for you won't pass you by
|
My final posting on this subject:
>>switched to Firefox and Thunderbird
An understandable reason to jump - but it's mainly because of the huge market share IE has that it's been attacked so much. Currently, Firefox is at 9.7% (40% in .... Finland) - as this grows, so will attacks on it.
MS recognised the fact that updates all the time are tiresome, so for the past, I don't know, year or so, have released all their updates on the second Tuesday of the month, to allow planned roll outs. If something horrible comes along in the meantime, they'll release a patch outside this schedule. Off the top of my head, this has only happened a couple of times.
The whole way Microsoft works is changing - for example, 64-bit Vista won't allow installation of unsigned drivers. This should help prevent rogue drivers shabbering your system. I don't think there'll ever be a fully secure computer that is switched on or especially connected to a network, but it's important to take whatever measures you can to try and avoid damage.
--Lee
|
>but it's mainly because of the huge market share IE has that it's been attacked so much. Currently, Firefox is at 9.7% (40% in .... Finland) - as this grows, so will attacks on it.
Market share alone explains very little--I'm sure there are "attacks" on FF, it's just that they haven't been successful yet. You have to look at what the software allows to happen without user intervention, what level of permissions the software has, what permissions the user has, and a raft of other things. There are 50,000+ viruses for Windows, so by market share alone Mac OS X, which has been around longer than Windows XP, should have around 2500. Yet there are none. Why not even one, given that the person who created it would be famous?
|
>>Browser market share>>
The latest figures can be found at:
www.e-janco.com/browser.htm
although figures are more in favour of FF at:
tinyurl.com/bmx88
Don't forget that IE has been around for a long time compared to FF, which is developing an ever growing following.
- - - - - - - - - - - - - - - - - - - - -
What's for you won't pass you by
|
>>If you run task manager (CTRL-ALT-ESC)
It's CTRL-ALT-DEL to bring up the task manager on my pc.
|
Ctrl+Alt+Esc switches from an open Window to the next one or e-mail program in turn.
- - - - - - - - - - - - - - - - - - - - -
What's for you won't pass you by
|