Blackworm May Have Already Hit | Internet News
Security
SHARE
Facebook X Pinterest WhatsApp

Blackworm May Have Already Hit

Written By
Sean Michael Kerner
Sean Michael Kerner
Jan 26, 2006
2 minute read

Update your antivirus program and hunker down. A major virus outbreak may
well be just around the corner if it isn’t here already.

A virus referred to as “Blackworm” by some security vendors has
apparently already infected more then 2 million systems. At least that’s
what the virus’s own counter Web site is posting.

The number may well be
somewhat exaggerated, as at least one security researcher has pointed out the counter is recording hits, not unique IPs.

All this and the real destructive payload isn’t even turned on yet.

Blackworm will unleash its misery on the naïve, unsuspecting, insecure PC
users of the world on Feb. 3, overwriting at least 11 different file
types on users’ computers.

Those file types include all .doc (Microsoft Word), .xls (Microsoft Excel), .ppt/.pps (Microsoft PowerPoint) and .pdf files, among
others.

According to the Internet Storm Center at the SANS Institute, the
overwritten files will be replaced with an error message: ‘DATA Error [47 0F
94 93 F4 K5]’.

Like most of its brethren, Blackworm spreads via e-mail attachments
and insecure file shares. An infected system gets a malicious zip file icon
placed somewhere on the system.

“The size of the main executable is about 95 kilobytes,” according to Finnish security firm F-Secure. “When the worm’s file
is run, it first opens WinZip as a decoy.”

F-Secure added that on their test systems it also blocked keyboard and mouse so the only option was to press CTRL + ALT + DEL and to log off.

Blackworm is also known as Blackmal, Nyxem, MyWife, Tearec and KamaSutra,
though it now has a Common Malware Enumeration (CME) identification of
CME-24.

Much like CVE for vulnerabilities, CMEs provide a common numerical name identification for a virus enabling a neutral, shared identification method to benefit both security vendors and end users.

As with most modern viruses, the best defense is updated antivirus
software. The catch with Blackworm, though, is that if you didn’t update your
antivirus software before getting infected, the worm may well have already disabled it.

The Blackworm mass outbreak may well be bucking an overall downward trend
in viruses of late. A recent study from IBM reported that e-mail-borne viruses were down sharply in 2005 over
2004.

In 2005 only 2.8 percent of e-mails contained a virus down from 6.1
percent in 2004.
Sean Michael Kerner
Internet News Logo

InternetNews is a source of industry news and intelligence for IT professionals from all branches of the technology world. InternetNews focuses on helping professionals grow their knowledge base and authority in their field with the top news and trends in Software, IT Management, Networking & Communications, and Small Business.

facebook
x

Company

Contact us Advertise with us

Categories

News Enterprise Small Business Reviews Podcasts Blog Research

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information