RealTime IT News

Blackworm May Have Already Hit

Update your antivirus program and hunker down. A major virus outbreak may well be just around the corner if it isn't here already.

A virus referred to as "Blackworm" by some security vendors has apparently already infected more than 2 million systems. At least that's what the virus's own counter Web site is posting.

The number may well be somewhat exaggerated, as at least one security researcher has pointed out the counter is recording hits, not unique IPs.

All this and the real destructive payload isn't even turned on yet.

Blackworm will unleash its misery on the naïve, unsuspecting, insecure PC users of the world on Feb. 3, overwriting at least 11 different file types on users' computers.

Those file types include all .doc (Microsoft Word), .xls (Microsoft Excel), .ppt/.pps (Microsoft PowerPoint) and .pdf files, among others.

According to the Internet Storm Center at the SANS Institute, the overwritten files will be replaced with an error message: 'DATA Error [47 0F 94 93 F4 K5]'.
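For damage assessment after the trigger date, the marker text gives responders something concrete to search for. The sketch below is an added example, not code from the article, the Internet Storm Center or any vendor. It assumes the marker sits at the very start of an overwritten file, covers only the five extensions named above (the article says there are others), and goes one step further by flagging files whose header no longer matches their format; all function names are hypothetical.

```python
import os
import tempfile
from pathlib import Path

# Marker text as quoted on this page (via the SANS Internet Storm Center).
MARKER = b"DATA Error [47 0F 94 93 F4 K5]"
OLE2 = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy Office container header
# Only the extensions named on this page; the article says there are others.
EXPECTED_MAGIC = {".doc": OLE2, ".xls": OLE2, ".ppt": OLE2, ".pps": OLE2, ".pdf": b"%PDF-"}

def classify(path):
    """Return 'overwritten', 'suspect' or 'ok' for one targeted file."""
    magic = EXPECTED_MAGIC[path.suffix.lower()]
    with open(path, "rb") as fh:
        head = fh.read(max(len(MARKER), len(magic)))
    if head.startswith(MARKER):      # assumption: marker is at offset 0
        return "overwritten"
    if not head.startswith(magic):
        return "suspect"             # header no longer matches the extension
    return "ok"

def scan(root):
    """Walk root and report every targeted file that is not 'ok'."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.suffix.lower() not in EXPECTED_MAGIC:
                continue
            try:
                verdict = classify(p)
            except OSError:
                verdict = "unreadable"
            if verdict != "ok":
                findings[p.relative_to(root).as_posix()] = verdict
    return findings

def demo():
    """Build a constructed sample tree in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sub").mkdir()
        (root / "report.doc").write_bytes(OLE2 + b"\x00" * 32)    # intact
        (root / "budget.xls").write_bytes(MARKER)                 # overwritten
        (root / "sub" / "slides.PPT").write_bytes(b"not office")  # damaged
        (root / "sub" / "paper.pdf").write_bytes(b"%PDF-1.4\n")   # intact
        (root / "notes.txt").write_bytes(MARKER)                  # out of scope
        return scan(root)
```

Calling `scan()` on a real directory returns a dictionary of relative paths and verdicts, which can be compared against backups to decide what needs restoring.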

Like most of its brethren, Blackworm spreads via e-mail attachments and insecure file shares. An infected system gets a malicious zip file icon placed somewhere on the system.

"The size of the main executable is about 95 kilobytes," according to Finnish security firm F-Secure. "When the worm's file is run, it first opens WinZip as a decoy."

F-Secure added that on their test systems it also blocked keyboard and mouse so the only option was to press CTRL + ALT + DEL and to log off.

Blackworm is also known as Blackmal, Nyxem, MyWife, Tearec and KamaSutra, though it now has a Common Malware Enumeration (CME) identification of CME-24.

Much like CVE for vulnerabilities, CMEs provide a common numerical identifier for a virus, giving security vendors and end users a neutral, shared way to refer to it.

As with most modern viruses, the best defense is updated antivirus software. The catch with Blackworm, though, is that if you didn't update your antivirus software before getting infected, the worm may well have already disabled it.

The Blackworm mass outbreak may well be bucking an overall downward trend in viruses of late. A recent study from IBM reported that e-mail-borne viruses were down sharply in 2005 over 2004.

In 2005, only 2.8 percent of e-mails contained a virus, down from 6.1 percent in 2004.