RealTime IT News

As Promised, Blackworm Strikes

Blackworm, KamaSutra, Grew, MyWife: call the slimy worm what you will. If you have it, you know it already as you've likely lost most of your content files.

Security experts have been warning for over a week that the worm designated CME-24 and known by various other more colorful names was set to deliver its nefarious payload today.

On victims' PCs, CME-24 overwrote at least 11 different file types, including all .doc, .xls, .ppt/.pps and .pdf files, among others.

Security firm LURHQ reported that the total number of users infected worldwide is close to 600,000. E-mail security firm Postini reported that over the course of this week, CME-24 and its variants were numbering approximately 200,000 intercepted messages every day.

Yet despite all the clamor, CME-24 is not the most active virus, at least according to Finnish security firm F-secure. It reported CME-24 as only the third most virulent virus detected in the last 24 hours at 13.7 percent.

A Netsky variant came in second at 16 percent and a bagle variant placed first at 24.8 percent.

It is also unclear at this point exactly how much actual damage the CME-24 virus caused.

Ken Dunham, director of the Rapid Response Team at iDefense, reported that a significant percentage of infected computers was successfully cleaned of the worm before the Feb. 3rd over-write date, largely due to security expert and media efforts to date.

All major security vendors updated their anti-virus signatures long before today in order to protect users against the worm.

The well-publicized payload delivery date likely helped limit the worm's total damage. Dunham noted that the deadline gave vendors and users time to identify and remove the threat, which many did successfully.