So far, Nyxem damage minimal

Bill Brenner

The full picture may not be clear until early next week, but for now, it appears the efforts of AV vendors and IT professionals have blunted Nyxem's threat to enterprise networks.

The worm -- also known as Grew, Blackmal and Mywife, among others -- is programmed to overwrite files on infected machines Feb. 3. But AV specialists said late Friday morning that they'd received few or no reports of damage.

"My own feeling is that this isn't a new threat, it's been around a couple weeks and AV vendors have had protection in place," said David Emm, senior technology consultant at Russian AV firm Kaspersky Lab.

Mikko Hypponen, AV research director for Helsinki-based F-Secure Corp., agreed the threat to corporate users was mostly neutralized because AV signatures were updated in advance. But he warned the threat is far from over for home users.

"The vast majority of the machines infected by Nyxem are home computers," he said in an e-mail exchange. "Nothing will happen on them until people get home from work and boot up their machines. Half an hour later the damage starts. The user won't realize what's going on until an hour or two later, when it's already late Friday night. The full scope of the problem won't come to light until during the weekend or early next week."

F-Secure developed a map showing where Nyxem's spread is most prevalent, based on the Web counter the worm has been using to tally its infections. The map indicates that most infections are in the United States and Europe.

While the threat affects mostly home users at this point, enterprises in some parts of the world have been affected, said Siobhan MacDermott, vice president of communications for Santa Clara, Calif.-based McAfee Inc.

"The damage is predominantly in India and Peru, places where they're not using security tools to catch malicious attachments," she said. "In those parts of the world, it's not just the home users. It's enterprises as well."

[Image: Nyxem around the world. Nyxem infests America, Europe. (Courtesy F-Secure Corp.)]

For those companies, she said, the lesson is to use updated AV and to back up information in case of data loss. She added that it's also important to make sure users don't open e-mail attachments that promise illicit material for free.

There has been debate in the information security community over whether the threat was over-hyped. Those interviewed agreed the warnings were necessary in light of the worm's destructive payload, which is set to activate on the third day of each month and replace the content of users' files with a text string 'DATA Error [47 0F 94 93 F4 K5].' Among these files are .doc, .xls, .mdb, .mde, .ppt, .pps, .zip, .rar, .pdf, .psd and .dmp.

"We didn't expect to be inundated with damage reports [because of the AV protection]," Emm said. "But given the payload, we felt it was wise to alert people to ensure they did update their AV and other security procedures."

Graham Cluley, senior technology consultant for UK-based AV firm Sophos, also pointed out that Nyxem is still spreading.

"In the last 24 hours [the worm] has accounted for 10% of all reports at our global network of monitoring stations, putting it in third place," he said in an e-mail exchange. "So people shouldn't drop their guard just because they might have survived this deadline."

Cluley also cautioned people not to worry about Nyxem so much that other, more serious threats are missed.

"There are 120,000 other pieces of malware out there, some of which do much nastier things like stealing credit card information and banking data," he said.

