Tech: Urgent Worm Warning

Subject: Tech: Urgent Worm Warning
From: JohnInKansas
Date: 27 Jan 06 - 09:46 AM

Urgent Alert Raised for 'Blackworm' D-Day eWeek. By Ryan Naraine, January 24, 2006

It is "unusual" for the AV people to put out an "urgent" alert of this kind. It's uncertain just how much damage may occur, but the potential is rather high.

The "Blackworm," a.k.a. "Kama Sutra," "Blackmal," "MyWife," and "Nyxem," is quite new and is claimed to have infected at least 700,000 individual machines as of 5 PM January 24. "F-Secure said the worm accounts for more than 17 percent of all virus infections in the last 24 hours."

The payload for this particular infection is really nasty, since it is set to "go off" on the third day of each month and delete ALL Microsoft Word, Microsoft Excel, PowerPoint, PDF, ZIP and PSD files on all available drives. The deletion is complete. It DOES NOT send the files to the trash bin where they might be restored. The files are obliterated.

Since February 3 is a "trigger date," when the worm will do its damage on infected machines, a download of CURRENT AV DEFINITIONS and a FULL SYSTEM SCAN for virus infection is strongly recommended before that date.

The worm also attempts to block/destroy AntiVirus programs, so if your AV fails to run as expected there's a very good chance you've been infected with this or with one of a few similar ones.

The report is that people with good AV programs on their individual machines, current definitions, and regular scans probably will not be infected. An original infection is from an email (reportedly with explicit "Kama Sutra" photos), but since the worm propagates itself once established on a machine, it can spread on networks (including sneaker nets) without involving email.

If you're working on something critical that involves one of the file types listed, and if you're unsure of your protections, copying critical files to CD or DVD, or some other removable media, or to an external hard drive that you can unplug until after the Feb 3 "event," when you're sure you're safe, might be worth considering.

If you don't have a good AV with current definitions to scan your machine, most of the AV makers can do an "online scan" that will probably suffice. If the worm has been triggered and has disabled your AV, that would be a first step to getting the infection cleaned up.

Since most 'catters do keep their AV up to date, I'd expect this to be pretty much a non-event; but the AV people are treating it as something potentially very serious.

Anything much that you can do about this is stuff you should be doing anyway so panic is probably not merited. If you haven't been doing the regular stuff, then run in circles, scream and shout…

John
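
The precaution described in the post above (copying the at-risk file types to removable media before the trigger date), as an added example that is not part of the original thread. The extension list is an assumption mapped from the file types the post names, and `backup_at_risk` and its arguments are hypothetical names.

```python
import hashlib
import shutil
from pathlib import Path

# Assumed extensions for the file types the post names (Word, Excel,
# PowerPoint, PDF, ZIP, PSD); the post lists types, not extensions.
AT_RISK = {".doc", ".xls", ".ppt", ".pdf", ".zip", ".psd"}


def sha256(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large archives do not fill memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def backup_at_risk(source: Path, dest: Path) -> dict:
    """Copy at-risk files under source into dest, keeping relative paths.

    Returns {"copied": [...], "failed": [...]} with paths relative to source.
    A file counts as copied only if the copy's SHA-256 matches the original.
    """
    source, dest = source.resolve(), dest.resolve()
    result = {"copied": [], "failed": []}
    for path in sorted(source.rglob("*")):
        # Skip directories and file types outside the at-risk list.
        if not path.is_file() or path.suffix.lower() not in AT_RISK:
            continue
        # Skip the backup folder itself if it sits inside the source tree.
        if dest in path.parents:
            continue
        rel = path.relative_to(source)
        target = dest / rel
        try:
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(path, target)
            ok = sha256(path) == sha256(target)
        except OSError:
            ok = False
        result["copied" if ok else "failed"].append(rel.as_posix())
    return result


if __name__ == "__main__":
    import sys
    report = backup_at_risk(Path(sys.argv[1]), Path(sys.argv[2]))
    print(f"{len(report['copied'])} copied, {len(report['failed'])} failed")
```

Run it with the folder to protect and the mounted removable drive as the two arguments, then unplug the drive; any entry under "failed" needs copying by hand.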



Subject: RE: Tech: Urgent Worm Warning
From: mack/misophist
Date: 27 Jan 06 - 10:00 AM

All you Windows users take note. This guy usually knows what he's talking about.



Subject: RE: Tech: Urgent Worm Warning
From: GUEST
Date: 27 Jan 06 - 10:04 AM

Does that mean Macs are safe?



Subject: RE: Tech: Urgent Worm Warning
From: Stilly River Sage
Date: 27 Jan 06 - 10:07 AM

Never assume anything is safe. Let this be a reminder to do a good backup and virus scan.



Subject: RE: Tech: Urgent Worm Warning
From: treewind
Date: 27 Jan 06 - 11:09 AM

Does that mean Macs are safe?

From Sophos:
"Sophos automatically updated customers with protection against the W32/Nyxem-D Windows worm, which does not infect Macintosh computers, at 16:03 GMT on 16 January 2006."

Macs are safe FROM THIS PARTICULAR WORM...
And so are Sophos users, evidently - that includes the network I look after at work.

Anahata



Subject: RE: Tech: Urgent Worm Warning
From: artbrooks
Date: 28 Jan 06 - 08:18 AM

Norton says that W32.Blackmal.E@mm is a mass-mailing worm that attempts to spread through network shares and lower security settings. It affects Windows products and is covered by their January 17th LiveUpdate.



Subject: RE: Tech: Urgent Worm Warning
From: JohnInKansas
Date: 28 Jan 06 - 10:02 AM

The thing that has the AV folk worried is that in addition to being a mass mailing worm it carries a "bomb" set to execute on the "3d day of each month" and delete a bunch of stuff on infected computers. February 3 will be the first destructive event scheduled since this worm appeared, so it's unknown - until it happens - whether anything really will happen.

With respect to its other "features," it's not really different than the usual run of worms, and any good AV program, with current definitions, should get rid of it. If you update and scan as you should, you probably have no need to be too concerned.

Apparently there are a lot of people into Kama Sutra, since the reported speed with which the thing is getting passed around is "unusual."

John



Subject: RE: Tech: Urgent Worm Warning
From: mack/misophist
Date: 28 Jan 06 - 10:11 AM

Mac and Linux users (me) should not be lured into a false sense of security just because we haven't been hit yet. It's only a matter of time. Be careful what links you click on no matter what OS you use.



Subject: RE: Tech: Urgent Worm Warning
From: Stilly River Sage
Date: 28 Jan 06 - 10:38 AM

Exactly!



Subject: RE: Tech: Urgent Worm Warning
From: treewind
Date: 28 Jan 06 - 11:45 AM

I don't know why the AV people are worried about the "bomb" aspect of this: if their software is working the bomb will never have been installed. It's the Windows users who haven't installed any AV who should worry. A virus/worm that has a visible destructive effect may wake up a few million unprotected users into doing something about it, which means the AV vendors might see a boost in business.

Yes, I am being cynical.

Anahata



Subject: RE: Tech: Urgent Worm Warning
From: JohnInKansas
Date: 28 Jan 06 - 05:15 PM

Anahata -

The biggest concern is for those running networks, where one person who doesn't run the AV could turn the bomb loose on a whole network. The worm that carries it in is viral, and can be detected by AV programs; but one idiot can turn loose what amounts to a "program" that automated defenses can't tell isn't something the SysAdmin meant to do.

Once the "bomb" is executed, it's just another .exe program file, and all it's doing is deleting a bunch of documents....

John

