US-CERT Current Activity: "Nyxem Mass-mailing Worm
added January 24, 2006 | updated January 25, 2006
US-CERT is aware of a new mass-mailing worm known as Nyxem (CME-24). This worm relies on social engineering to propagate. Specifically, the user must click on a link or open an attached file.
The Nyxem worm targets Windows systems that hide file extensions for known file types (this is the default setting for Windows XP and possibly other versions). The worm's icon makes it appear to be a WinZip file. As a result, the user may unknowingly start the worm.
Once a Windows system is infected, the malicious code may:
Attempt to harvest email addresses stored on the infected system
Utilize its own SMTP engine to send itself to the harvested email addresses
Disable anti-virus and file sharing programs
Spread itself using all available Windows network shares on the infected system
Modify the active Desktop
In addition, on February 3, 2006, the worm will corrupt files and make them unusable by overwriting them with a small text message. The files with the following extensions are targeted on this date: DOC, XLS, MDB, MDE, PPT, PPS, ZIP, RAR,PDF, PSD and DM.
US-CERT strongly encourages users and system administrators to implement the following workarounds:
Install anti-virus software, and keep its virus signature files up-to-date
Block executable and unknown file types at the email gateway
Additionally, US-CERT strongly encourages users not to follow unknown links, even if sent by a known and trusted source. Users may also wish to visit the US-CERT Computer Virus Resources for general virus protection information."