Free Removal Tools Released as Blackworm Approaches

Free disinfection tools and useful security guidance are now available as anti-virus vendors scramble contain a nasty worm payload set to activate on Feb 3.

With the clock ticking on a Feb. 3 D-Day for the activation of the destructive Blackworm worm payload, anti-virus vendors are rushing to release free removal tools to help contain the damage.

The worm, also known as Kama Sutra, MyWife.E or Nyxem.E, uses the lure of sexually explicit photographs to trick e-mail users into executing an attachment that contains a payload capable of permanently corrupting a number of common document format files.

Microsoft has already issued an advisory with pointers to its Windows Live Safety Center, which offers a free scanner that detects and removes the worm.

The companys malicious software tool will be updated with signatures for Blackworm and released on Feb. 14.

Although volunteer security researches have already notified ISPs about possible customer infections and have issued warnings all week, it is likely the major damage has already been contained.

/zimages/1/28571.gifUrgent alert raised for Blackworm D-Day. Click here to read more.

Because the worm uses a Web-based counter to keep track of infections, virus hunters figured out that a maximum of 300,000 computers were contaminated. It is likely that some of those have already been cleaned, experts say.

But, no one is taking chances. Finnish anti-virus vendor F-Secure has released a free disinfection tool to help clean compromised computers before the Feb. 3 deadline.

BitDefender has also joined the list of companies offering a free Blackworm removal utility.

F-Secure Chief Incident Officer Mikko Hypponen said the first reports of destruction have already started to filter in.

"The destructive deadline of the Nyxem.E worm is based on the clock of the infected machine. So if youre infected and your clock is not set right, things could start to happen at any time—even though the official activation time is the third of the month," Hypponen explained.

"Weve already received first reports from users whove had files on their system overwritten by the worm."

When the worm activates, it destroys all Microsoft Word, Microsoft Excel, PowerPoint, PDF, ZIP and PSD files on all available drives.

"This is nasty," Hypponen declared, noting that the payload may also affect a USB thumb drive, external hard drives and network drives.

/zimages/1/28571.gifMicrosoft joins Blackworm D-Day warning chorus. Click here to read more.

The following guidance from Microsoft is also applicable to all Windows users:

Use up-to-date anti-virus software:
Most anti-virus software can detect and prevent infection by known malicious software. Always run antivirus software that is automatically updated with the latest signature files to help protect from infection.

Use caution with unknown attachments:
Use caution before opening unknown e-mail attachments, even if the sender is known. If you cannot confirm with the sender that a message is valid and that an attachment is safe, delete the message immediately. Then, run up-to-date anti-virus software to check your computer for viruses.

Use strong passwords:
Strong passwords on all privileged user accounts, including the Administrator account, will help block this malwares attempt to spread through network shares.

/zimages/1/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.