February 3 Worm Set to delete files


#1
Guest_mysticalone_*

"The worm, named Nyxem.E, was discovered on January 20. It spreads by convincing users to open an executable attachment in their e-mail, tempting them with subject lines such as "Arab sex DSC-00465.jpg," "Miss Lebanon 2006," or "School girl fantasies gone bad." The executable, when run, checks to see if there are any common anti-virus programs running, and if so disables them. It inserts itself into the Windows registry in the standard places such as Software\Microsoft\Windows\CurrentVersion\Run so that it will run on startup, then scans the users' hard drive for any e-mail addresses it can find to send itself off to the next victim. It also attempts to spread via network shares.

The payload, which is set to execute on the third day of every month and so will first deploy on February 3, does not render the user's computer inoperative, but instead destroys that user's data. All Word, Excel, Access, Powerpoint, Acrobat, Photoshop, and some other files including zipped archives are deleted and replaced with the text string "DATA Error [47 0F 94 93 F4 K5]." This could result in some embarrassingly short business presentations scheduled for the beginning of next month"

More info at:

http://arstechnica.c...60123-6028.html
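
A triage check for the damage described in the post above, as an added example that is not part of the original thread: it walks a directory and flags documents whose contents begin with the quoted "DATA Error" string, or that no longer start with their format's usual header. The extension list and function names are assumptions made for this sketch, and the sample files are constructed.

```python
import os
import tempfile

# Marker string quoted in the post above.
MARKER = b"DATA Error [47 0F 94 93 F4 K5]"

# Assumption: these extensions stand in for the file types the post names.
# The values are the standard leading bytes of each format.
OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
MAGIC = {
    ".doc": OLE2, ".xls": OLE2, ".ppt": OLE2,
    ".mdb": b"\x00\x01\x00\x00Standard Jet DB",
    ".pdf": b"%PDF", ".psd": b"8BPS", ".zip": b"PK",
}

def classify(path):
    """Return 'overwritten', 'bad-header', 'ok', or None for unwatched types."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in MAGIC:
        return None
    with open(path, "rb") as fh:
        head = fh.read(64)
    if head.startswith(MARKER):
        return "overwritten"
    return "ok" if head.startswith(MAGIC[ext]) else "bad-header"

def triage(root):
    """Walk root and map each suspicious document path to its verdict."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                verdict = classify(full)
            except OSError:
                verdict = "unreadable"  # locked or permission-denied file
            if verdict not in (None, "ok"):
                findings[full] = verdict
    return findings

def demo():
    """Build a constructed sample tree and return {filename: verdict}."""
    samples = {"report.pdf": b"%PDF-1.4\n", "budget.xls": MARKER,
               "slides.ppt": b"not an OLE2 file", "notes.txt": MARKER}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return {os.path.basename(p): v for p, v in triage(root).items()}

if __name__ == "__main__":
    print(demo())
```

A "bad-header" verdict only means the file does not start with the expected bytes (an RTF file saved as .doc would also trip it), so treat it as a prompt to check the file against a backup.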

#2
TcM

Thanks for the TIP! I will pay attention!

#3
AfTriX

Thanks for the information.
I will pay the necessary attention as a precaution.

#4
xtraze


mysticalone said:

"The worm, named Nyxem.E, was discovered on January 20. It spreads by convincing users to open an executable attachment in their e-mail, tempting them with subject lines such as "Arab sex DSC-00465.jpg," "Miss Lebanon 2006," or "School girl fantasies gone bad." The executable, when run, checks to see if there are any common anti-virus programs running, and if so disables them. It inserts itself into the Windows registry in the standard places such as Software\Microsoft\Windows\CurrentVersion\Run so that it will run on startup, then scans the users' hard drive for any e-mail addresses it can find to send itself off to the next victim. It also attempts to spread via network shares.

The payload, which is set to execute on the third day of every month and so will first deploy on February 3, does not render the user's computer inoperative, but instead destroys that user's data. All Word, Excel, Access, Powerpoint, Acrobat, Photoshop, and some other files including zipped archives are deleted and replaced with the text string "DATA Error [47 0F 94 93 F4 K5]." This could result in some embarrassingly short business presentations scheduled for the beginning of next month"

More info at:

http://arstechnica.c...60123-6028.html

That is really annoying, it is.
I can't understand why people waste their time creating such viruses; maybe the antivirus companies pay those hackers or anything. Or maybe they're doing it for fun??

#5
TcM

Well, these are people with no life, they just want to show what they are capable of and they like to hear on websites that their virus, it's like because they have the power and knowledge they think that they can make these stupid things to get famous all over the net! duh

#6
AfTriX

And I guess they are Very Talented Jobless fellows, because creating a virus also requires a lot of knowledge.

#7
Guest_littlefranciscan_*

Wow... guess you gotta watch out what "sites" you visit then, don't you, and especially don't get tempted by email invitations ;)

#8
DevilsCharm

It's so easy to avoid these things, just don't open exec files from people you don't know... Also, you said it was discovered January 20th, but you posted January 16th. What's up with that?

#9
Guest_mysticalone_*

I was told never to open any attachments. Do these viruses come as attachments?

#10
Guest_littlefranciscan_*

I think there is a prophet in our midst who can see things yet to come :)

#11
AfTriX

I think mysticalone would have got that information from somewhere, and would notice the date thing as we all did at the beginning.