onsdag, februar 01, 2006

Every word stated in this article does not necessarily state of express any of my own views. It is entirely for the purpose of providing information to the public and the contents belong to
with reference to the following
by Balvin
___________________________________________________________

MyCERT Special Alert: MA-101.012006: MyCERT Special Alert - W32.Nyxem.D Worm

Original Issue Date: 24th January 2006

Introduction

MyCERT received information from various reliable sources regarding the circulation of a particular worm and its variant, known as the W32.Nyxem.D worm (Sophos Anti Virus). W32.Nyxem.D is a mass-mailing worm that attempts to spread through network shares and low ers security settings. Most anti-virus vendors had rated the W32.Nyxem.D worm as MEDIUM in risk assessment and MEDIUM inpotential damage associated to the worm. The W32.Nyxem.D variant was first discovered on 17th January 2006 (UTC Time).

Based on the number of reports received, currently there is no strong evidence indicating widespread infection relating to W32.Nyxem.D worm and its variant in our constituency, but MyCERT advises users and organizations to patch vulnerable systems and take the prevention actions as provided below to prevent infection and future incidents that may target this vulnerability.

Systems Affected
  • Windows 95
  • Windows 98
  • Windows ME
  • Windows NT
  • Windows 2000
  • Windows Server 2003
  • Windows XP
Aliases
  • W32/Nyxem-D [Sophos]
  • W32.Blackmal.E [Symantec]
  • WORM_GREW.{A, B} [Trend Micro]
  • W32/MyWife.d@MM [McAfee]
  • Email-Worm.Win32.Nyxem.e [F-Secure]
  • Win32/Blackmal.F [Computer Associates]
  • W32/Small.KI@mm [Norman]
  • Tearec.A [Panda Software]
Payload
  • Turns off anti-virus application
  • Sends itself to email addressed found on the infected computer
  • Deletes files off the computer
  • Forges the sender's email address
  • Uses its own emailing engine
  • Downloads code from the internet
  • Reduces system security
  • Installs itself in the Registry
For further description please go to MyCERT's advisory webpage at
http://www.mycert.org.my/advisory/MA-101.012006.html

posted by Balvin @ 12:20:00 a.m.