Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Urgent Alert Raised for Blackworm D-Day

    By
    Ryan Naraine
    -
    January 24, 2006
    Share
    Facebook
    Twitter
    Linkedin

      A high-powered group of security volunteers are raising an “urgent alert” for a potentially destructive e-mail worm crawling through inboxes, warning that the worms payload is capable of completely destroying important documents on an infected machine.

      The worm, which uses the lure of sexually explicit Kama Sutra photographs to trick e-mail users into executing an attachment, is programmed to deliver the destructive payload on the third day of every month.

      With a D-Day of Feb. 3 fast approaching, members of the MWP (Malicious Web sites and Phishing) research and operational mailing list have set up a task force to track the threat and help ISPs identify infected users in their net-space.

      Gadi Evron, CERT manager in Israels ministry of finance, is coordinating an industry-wide effort to get businesses and consumers to update anti-virus definitions to help thwart the continued spread of the worm.

      “This risk may turn out to be nothing and whatever happens, the Internet is NOT going to die … However effective or ineffective this may be, we urge users to update their anti-virus [signatures] as soon as possible and scan their computers and/or networks,” Evron said in a call-to-arms message posted on the SecuriTeam site.

      /zimages/2/28571.gifIs anti-virus software the next big worm target? Click here to read more.

      At 5:00 p.m. on Jan 24, more than 700,000 computers had already been infected by the worm, according to a stats counter used by the worm author. Finnish anti-virus vendor F-Secure, said the worm accounts for more than 17 percent of all virus infections in the last 24 hours.

      Adding to the confusion is the fact that anti-virus vendors are all using different names to identify the worm. In addition to Kama Sutra, the worm has been named Blackworm, Blackmal, MyWife and Nyxem.

      According to F-Secure virus researcher Alexey Podrezov, the mass-mailing worm also tries to spread using remote shares. Once a machine gets infected, the worm completely disables anti-virus and other security software before delivering a payload that destroys certain file types.

      Once the worms UPDATE.EXE file is run, it destroys all Microsoft Word, Microsoft Excel, PowerPoint, PDF, ZIP and PSD files on all available drives.

      “Its a rather destructive payload. Youre looking at probably several hundred thousand users that would have data loss—and pretty serious data loss at that,” said Alex Eckelberry, president of anti-virus vendor Sunbelt Software.

      In an interview with eWEEK, Eckelberry said the post-infection clean-up is made difficult because of the way the worm disables all anti-virus programs.

      “When it destroys the data, theres no going to the recycle bin to get it back. It destructively destroys the data,” Eckelberry stressed.

      The LURHQ Threat Intelligence Group has released Snort signatures to help enterprises detect infected users in a net-space.

      In addition, LURHQ recommends that executables and unknown file types be blocked at the e-mail gateway to prevent the worm from entering a network. The attachments sent by the worm may contain the following extensions: pif, scr, mim,uue, hqx, bhx, b64, and uu.

      /zimages/2/28571.gifMIcrosoft plugs critical e-mail server holes. Click here to read more.

      “At this time we have seen almost no infections across our customer base using our IDS platform and these signatures. Networks which utilize up-to-date desktop anti-virus on all machines should experience no problems. However, the worm does attempt to disable AV and security software, so advising users to test their AV may also be in order. If the AV refuses to run, it may be an indication of infection by this or another worm,” according to the LURHQ advisory.

      “It is important to note that although the worm enters a network as an e-mail attachment, once a machine is infected, it will attempt to copy itself to open MS network C or Admin shares as WINZIP_TMP.exe, so machines without e-mail access could still be affected.

      “If you have any of these shares open on your network, searching for this file name on the shares is a good way to tell if anyone has been infected,” the advisory said.

      /zimages/2/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

      Ryan Naraine

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×