NEWS
Businesses have been warned to brace themselves for a possible traffic spike next week caused by the Nyxem virus.
Nyxem was first reported on 16 January. It is thought to have infected more than half a million PCs and security vendor Ironport warned on Thursday that these machines are now hard-coded to propagate the virus on 3 February.
Companies are unlikely to be directly affected if they are running up-to-date antivirus software because the major antivirus vendors have now released patches. But Ironport warned companies could experience secondary effects as the virus tries to propagate itself by harvesting email addresses on an infected machine.
Jason Steer, technical consultant at Ironport, said: "The knock-on effects will come as compromised PCs try to communicate with businesses. This will cause additional email and network traffic, and possible slow down email response time."
Security company F-Secure has reported that Nyxem.E reached the top position in its virus statistics with 21.7 per cent of all reported infections. On Saturday the web counter used by the Nyxem worm itself showed more than 510,000 infections and continued to rise, according to F-Secure.
Once active, Nyxem will delete all Word, Excel, PowerPoint and PDF file types from a compromised PC. The multi-faceted malware will also attempt to propagate itself both through email and as a network worm, which can be particularly damaging on closed networks.
Ironport's Steer said: "Nyxem is certainly malicious. It can be delivered via email but also as a network worm. It probes other PCs on a closed network to compromise them and send itself to the other computers, to infect as many hosts as possible."
The malware hides in attachment types not typically blocked by attachment filters, IronPort said.
The Internet community will not know the scale of the February attack until it occurs. Steer said: "It depends on how many hosts are infected. At the moment it's just sitting there quietly, and we won't know how many home users have been infected until 3 February."
Businesses should warn their employees not to open suspicious emails and to know what infected emails may look like. Steer said: "The subject lines may contain some references to pornography - fairly typical stuff."
He added: "Be vigilant. Update your antivirus patches and make sure your hard-disk has been scanned to detect and remove the virus."
Nyxem has the potential to cause havoc throughout the year, as infected PCs are set to activate on the third day of every month, unless they are cleaned up.
Tom Espiner writes for ZDNet UK
Comments
There are 3 comments. Join the discussion
1. anonymous
I have been tracking this threat since it's discovery.
This article is the most inaccurate that I've seen to date.
Not one reputable Anti-Vendor's analysis says that Nyxem, more accurately described as CME-24 (Common Malware Enumeration) will propagate on the 3rd of the month. It is propagating NOW and on the 3rd it will destroy data files on the infected computer.
Visit http://cme.mitre.org/data/list.html then visit the links to learn more about this serious threat, then consider correcting your article.
No offense intended,
2. anonymous
So are we saying there is no fix for it?
If there is, where are the websites details?
3. anonymous
By "So are we saying there is no fix for it?" If you mean is there no fix for the corrupted files.
If the computer is infected and if the virus triggers then files will be destroyed. The ONLY fix in this situation is to restore the files from backup. Of course everyone backs up important files.
Prior to the infection triggering file destruction the virus is EASILY cleaned.
Visit http://cme.mitre.org/data/list.html#24
And then click the link of your favorite AV vender to learn more details on the threat. At least one vendor (Symantec) has a stand alone cleaner for this threat.