Update your antivirus program and hunker down. A major virus outbreak may
well be just around the corner if it isn’t here already.
A virus referred to as “Blackworm” by some security vendors has
apparently already infected more than 2 million systems. At least that’s
what the virus’s own counter Web site is posting.
The number may well be
somewhat exaggerated, as at least one security researcher has pointed out the counter is recording hits, not unique IPs.
All this and the real destructive payload isn’t even turned on yet.
Blackworm will unleash its misery on the naïve, unsuspecting, insecure PC
users of the world on Feb. 3, overwriting at least 11 different file
types on users’ computers.
Those file types include all .doc (Microsoft Word), .xls (Microsoft Excel), .ppt/.pps (Microsoft PowerPoint) and .pdf files, among
others.
According to the Internet Storm Center at the SANS Institute, the
overwritten files will be replaced with an error message:
‘DATA Error [47 0F 94 93 F4 K5]’.
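A triage check built on the detail above, as an added example that is not part of the original article: it walks a directory tree and flags files with the extensions named here whose content is just the reported error message. The ASCII encoding of the marker, the 256-byte size threshold and the function names are assumptions.

```python
import os
import tempfile

# Marker text as quoted in this article (attributed to the Internet Storm Center).
MARKER = b"DATA Error [47 0F 94 93 F4 K5]"
# Only the extensions the article names; it says at least 11 types are hit.
TARGET_EXTS = {".doc", ".xls", ".ppt", ".pps", ".pdf"}
# Assumption: a real document is far larger than the marker, so a targeted
# file that is tiny and starts with the marker is treated as overwritten.
MAX_OVERWRITTEN_SIZE = 256

def is_overwritten(path):
    """Return True if the file looks like it was replaced by the marker."""
    try:
        if os.path.getsize(path) > MAX_OVERWRITTEN_SIZE:
            return False
        with open(path, "rb") as fh:
            head = fh.read(len(MARKER) + 8)
    except OSError:
        return False  # unreadable or vanished file: skip it, keep scanning
    return head.lstrip(b"\r\n\t ").startswith(MARKER)

def find_overwritten(root, exts=TARGET_EXTS):
    """Walk root and return sorted paths of targeted files that match."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in exts:
                full = os.path.join(dirpath, name)
                if is_overwritten(full):
                    hits.append(full)
    return sorted(hits)

def demo():
    """Scan a constructed sample tree and return the relative paths flagged."""
    with tempfile.TemporaryDirectory() as root:
        samples = {  # constructed test data, not real documents
            "report.doc": MARKER,                             # overwritten
            "Budget.XLS": MARKER + b"\r\n",                   # upper-case extension
            "slides.ppt": b"\xd0\xcf\x11\xe0" + b"\0" * 600,  # intact OLE header
            "notes.txt": MARKER,                              # type not in the list
            "big.pdf": MARKER + b"A" * 1000,                  # too large to be a stub
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return [os.path.relpath(p, root) for p in find_overwritten(root)]

if __name__ == "__main__":
    print(demo())
```

Run against a backup set or file share, the list of hits shows which documents need restoring.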
Like most of its brethren, Blackworm spreads via e-mail attachments
and insecure file shares. An infected system gets a malicious zip file icon
placed somewhere on the system.
“The size of the main executable is about 95 kilobytes,” according to Finnish security firm F-Secure. “When the worm’s file
is run, it first opens WinZip as a decoy.”
F-Secure added that on its test systems the worm also blocked the keyboard and mouse, so the only option was to press CTRL + ALT + DEL and log off.
Blackworm is also known as Blackmal, Nyxem, MyWife, Tearec and KamaSutra,
though it now has a Common Malware Enumeration (CME) identification of
CME-24.
Much like CVE for vulnerabilities, CME provides a common numerical identifier for a virus, giving security vendors and end users a neutral, shared way to refer to it.
As with most modern viruses, the best defense is updated antivirus
software. The catch with Blackworm, though, is that if you didn’t update your
antivirus software before getting infected, the worm may well have already disabled it.
The Blackworm mass outbreak may well be bucking an overall downward trend
in viruses of late. A recent study from IBM reported that e-mail-borne viruses were down sharply in 2005 compared with
2004.
In 2005 only 2.8 percent of e-mails contained a virus, down from 6.1
percent in 2004.