Blackworm

From Wikipedia, the free encyclopedia

Blackworm is an Internet worm that spreads by e-mail via messages with infected attachments and through unprotected network shares. The user can accidentally infect a computer by opening a malicious e-mail attachment or running an infected executable file on a computer running common versions of Microsoft Windows.

Blackworm is also known as Grew.a, Grew.b, Blackmal.e, Nyxem.e, Nyxem.d, Mywife.d, Tearec.a, CME-24, and Kama Sutra.

Blackworm is designed to corrupt data on infected computers on February 3, 2006, in reference to The Day the Music Died. It also deletes the files belonging to several antivirus programs, if they are installed in the same directories as the ones specified in the worm's code, and it deletes the entries in the Windows Registry belonging to these antivirus programs, so these applications will not be run automatically the next time Windows is started. Microsoft puts Blackworm's damage rating at "high".

The damage caused by this virus is severe. The timing is not exact: some people recorded it going off on October 26th.

It also attempts to disable security-related and file-sharing software and destroys files of certain types. When executed, it copies itself to the files rundll16.exe, scanregw.exe, Update.exe, and Winzip.exe. Sometimes it fakes searching for porn in the Google toolbar, and it is often spread by e-mails advertising Viagra.

Nyxem.E

Nyxem.E activates on the 3rd of each month, starting in February 2006. When an infected computer is booted up on the 3rd, the worm, 30 minutes after startup, replaces all document files (DOC/XLS/PPT/ZIP/RAR/PDF/MDB) with the text "DATAError [47 0F 94 93 F4 K5]".

Contrary to expectations, on the first such February 3rd, widespread reports of the worm's destructive effects never appeared. A combination of media attention and initiative by ISPs led to many users disinfecting their machines, or just not booting on the 3rd.

One of the signs that a computer is infected is that antivirus software stops working. Another is the presence of files named Winzip.exe, Update.exe and WINZIP_TMP.EXE in the C:\Windows\System or C:\Windows\System32 folders.
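The file-name signs above can be checked with a short triage script. This is an added example, not part of the original article; the function names are hypothetical, and looking for rundll16.exe and scanregw.exe in the same two folders is an assumption, since the article does not say where those copies are written.

```python
import hashlib
from datetime import date
from pathlib import Path

# File names the article lists as worm copies or signs of infection.
INDICATOR_NAMES = {"winzip.exe", "update.exe", "winzip_tmp.exe",
                   "rundll16.exe", "scanregw.exe"}
# Folders named in the article; pass others (e.g. a mounted disk image) as needed.
DEFAULT_DIRS = (r"C:\Windows\System", r"C:\Windows\System32")


def find_indicators(dirs=DEFAULT_DIRS):
    """Return [(path, sha256 or None)] for files whose name matches an indicator.

    Matching is case-insensitive, as Windows file names are. A hit is a lead
    for triage, not a verdict: a name such as Update.exe is also used by
    legitimate software, so the hash is returned for comparison.
    """
    hits = []
    for folder in map(Path, dirs):
        if not folder.is_dir():
            continue  # folder absent on this system
        for entry in sorted(folder.iterdir()):
            if entry.is_file() and entry.name.lower() in INDICATOR_NAMES:
                try:
                    digest = hashlib.sha256(entry.read_bytes()).hexdigest()
                except OSError:
                    digest = None  # unreadable (locked or access denied)
                hits.append((str(entry), digest))
    return hits


def next_payload_date(today):
    """Next date matching the article's trigger rule for Nyxem.E:
    the 3rd of each month, starting in February 2006."""
    first = date(2006, 2, 3)
    if today <= first:
        return first
    if today.day <= 3:
        return today.replace(day=3)
    if today.month == 12:
        return date(today.year + 1, 1, 3)
    return date(today.year, today.month + 1, 3)


if __name__ == "__main__":
    for path, digest in find_indicators():
        print(f"{path}  sha256={digest}")
    print("next trigger date:", next_payload_date(date.today()))
```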
