Security Management Strategies for the CIOThe full picture may not be clear until early next week, but for now, it appears the efforts of AV vendors and IT professionals have blunted Nyxem's threat to enterprise networks.
The worm -- also known as Grew, Blackmal and Mywife, among others -- is programmed to overwrite files on infected machines Feb. 3. But AV specialists said late Friday morning that they'd received few or no reports of damage.
"My own feeling is that this isn't a new threat, it's been around a couple weeks and AV vendors have had protection in place," said David Emm, senior technology consultant at Russian AV firm Kaspersky Lab.
Requires Free Membership to View
 |
||||
|
|
|||
|
||||
"The vast majority of the machines infected by Nyxem are home computers," he said in an e-mail exchange. "Nothing will happen on them until people get home from work and boot up their machines. Half an hour later the damage starts. The user won't realize what's going on until an hour or two later, when it's already late Friday night. The full scope of the problem won't come to light until during the weekend or early next week."
F-Secure developed a map showing where Nyxem's spread is most prevalent, based on the Web counter the worm has been using to tally its infections. The map indicates that most infections are in the United States and Europe.
While the threat affects mostly home users at this point, enterprises in some parts of the world have been affected, said Siobhan MacDermott, vice president of communications for Santa Clara, Calif.-based McAfee Inc.
"The damage is predominantly in India and Peru, places where they're not using security tools to catch malicious attachments," she said. "In those parts of the world, it's not just the home users. It's enterprises as well."
|
||||
|
|
|||
|
||||
There has been debate in the information security community over whether the threat was over-hyped. Those interviewed agreed the warnings were necessary in light of the worm's destructive payload, which is set to activate on the third day each month and replace the content of users' files with a text string 'DATA Error [47 0F 94 93 F4 K5].' Among these files are .doc, .xls, .mdb, .mde, .ppt, .pps, .zip, .rar, .pdf, .psd and .dmp.
"We didn't expect to be inundated with damage reports [because of the AV protection]," Emm said. "But given the payload, we felt it was wise to alert people to ensure they did update their AV and other security procedures."
Graham Cluley, senior technology consultant for UK-based AV firm Sophos, also pointed out that Nyxem is still spreading.
"In the last 24 hours [the worm] has accounted for 10% of all reports at our global network of monitoring stations, putting it in third place," he said in an e-mail exchange. "So people shouldn't drop their guard just because they might have survived this deadline."
Cluley also cautioned people not to worry about Nyxem so much that other, more serious threats are missed.
"There are 120,000 other pieces of malware out there, some of which do much nastier things like stealing credit card information and banking data," he said.
Join the conversationComment
Share
Comments
Results
Contribute to the conversation