Microsoft Issues Own Blackworm Warning

Microsoft is preparing users for the arrival of the Blackworm, a mass mailing malware variant expected to infiltrate and slam personal computers this Friday.

The software vendor, which calls the socially inclined worm Win32/[email protected], said the worm tries to lure users to open an attached file in an e-mail message.

But if the recipient opens the file, the malware sends itself to all the contacts in the computer’s e-mail client address book.

The malware also attempts to scan the network looking for systems it can connect to and infect. If it fails to connect to one of these systems, logs on with “Administrator” as the user name together with a blank password, Microsoft said in a security advisory this week.

Blackworm, also known as Blackmal, Nyxem, MyWife, Tearec and KamaSutra, places a malicious zip file icon somewhere on the system.

The malware is designed to wreck a number of common document format files on the third day of every month.

Feb. 3, 2006, is the first time this malware is expected to corrupt the content of specific document format files, including all .doc (Microsoft Word), .xls (Microsoft Excel), .ppt/.pps (Microsoft PowerPoint) and .pdf files, among others.

What makes the Blackworm so vexing to security experts is that the malware also modifies or deletes files and registry keys associated with certain computer security applications, stopping them before they can counter the Blackworm.

Microsoft said customers infected with the Mywife malware should contact their antivirus vendor.

Customers may also visit the Windows Live Safety Center Web site to procure a scan to ensure their systems are free of infection.

Microsoft also noted the Windows OneCare Live Beta detects and protects computers from the Blackworm and its variants.

News Around the Web