So far, Nyxem damage minimal

AV specialists say enterprises have dodged Nyxem's file-corrupting bullet thus far. But a true casualty count may not be known for a few days.

The full picture may not be clear until early next week, but for now, it appears the efforts of AV vendors and IT professionals have blunted Nyxem's threat to enterprise networks.

The worm -- also known as Grew, Blackmal and Mywife, among others -- is programmed to overwrite files on infected machines Feb. 3. But AV specialists said late Friday morning that they'd received few or no reports of damage.

"My own feeling is that this isn't a new threat, it's been around a couple weeks and AV vendors have had protection in place," said David Emm, senior technology consultant at Russian AV firm Kaspersky Lab.

Mikko Hypponen, AV research director for Helsinki-based F-Secure Corp., agreed the threat to corporate users was mostly neutralized because AV signatures were updated in advance. But he warned the threat is far from over for home users.

"The vast majority of the machines infected by Nyxem are home computers," he said in an e-mail exchange. "Nothing will happen on them until people get home from work and boot up their machines. Half an hour later the damage starts. The user won't realize what's going on until an hour or two later, when it's already late Friday night. The full scope of the problem won't come to light until during the weekend or early next week."

F-Secure developed a map showing where Nyxem's spread is most prevalent, based on the Web counter the worm has been using to tally its infections. The map indicates that most infections are in the United States and Europe.

While the threat affects mostly home users at this point, enterprises in some parts of the world have been affected, said Siobhan MacDermott, vice president of communications for Santa Clara, Calif.-based McAfee Inc.

"The damage is predominantly in India and Peru, places where they're not using security tools to catch malicious attachments," she said. "In those parts of the world, it's not just the home users. It's enterprises as well."

Images: Nyxem infests America, Europe (Courtesy F-Secure Corp.)

For those companies, she said, the lesson is to use updated AV and to back up information in case of data loss. She added that it's also important to make sure users don't open e-mail attachments that promise illicit material for free.

There has been debate in the information security community over whether the threat was over-hyped. Those interviewed agreed the warnings were necessary in light of the worm's destructive payload, which is set to activate on the third day of each month and replace the content of users' files with the text string 'DATA Error [47 0F 94 93 F4 K5].' The targeted file types are .doc, .xls, .mdb, .mde, .ppt, .pps, .zip, .rar, .pdf, .psd and .dmp.
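A damage-assessment sketch for the payload described above, added here as an example and not taken from any of the vendors quoted: it lists files of the targeted types whose content is just the marker string. It assumes the marker sits at the start of the file with at most trailing punctuation or whitespace; the function names are hypothetical.

```python
"""List files that look overwritten by the payload string the article quotes."""
import os
import sys

# Marker text and extension list come from the article.
MARKER = b"DATA Error [47 0F 94 93 F4 K5]"
TARGET_EXTS = {".doc", ".xls", ".mdb", ".mde", ".ppt", ".pps",
               ".zip", ".rar", ".pdf", ".psd", ".dmp"}
# Assumption: only punctuation, whitespace or NULs may follow the marker.
TRAILER = b" .\r\n\t\x00"


def looks_overwritten(path, marker=MARKER):
    """True if the file holds the marker and nothing else of substance."""
    with open(path, "rb") as fh:
        head = fh.read(len(marker) + 16)  # marker plus a short trailer
    return head.startswith(marker) and not head[len(marker):].strip(TRAILER)


def find_overwritten(root):
    """Walk root; return (hits, unreadable) as sorted lists of paths."""
    hits, unreadable = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Extensions are matched case-insensitively (REPORT.DOC counts).
            if os.path.splitext(name)[1].lower() not in TARGET_EXTS:
                continue
            full = os.path.join(dirpath, name)
            try:
                if looks_overwritten(full):
                    hits.append(full)
            except OSError:
                unreadable.append(full)  # locked or denied: review by hand
    return sorted(hits), sorted(unreadable)


if __name__ == "__main__":
    found, skipped = find_overwritten(sys.argv[1] if len(sys.argv) > 1 else ".")
    for p in found:
        print("OVERWRITTEN", p)
    for p in skipped:
        print("UNREADABLE ", p)
```

The resulting list is the set of files to restore from backup; run it against a share or a mounted disk image rather than on a live infected host.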

"We didn't expect to be inundated with damage reports [because of the AV protection]," Emm said. "But given the payload, we felt it was wise to alert people to ensure they did update their AV and other security procedures."

Graham Cluley, senior technology consultant for UK-based AV firm Sophos, also pointed out that Nyxem is still spreading.

"In the last 24 hours [the worm] has accounted for 10% of all reports at our global network of monitoring stations, putting it in third place," he said in an e-mail exchange. "So people shouldn't drop their guard just because they might have survived this deadline."

Cluley also cautioned people not to worry about Nyxem so much that other, more serious threats are missed.

"There are 120,000 other pieces of malware out there, some of which do much nastier things like stealing credit card information and banking data," he said.
