To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/malware/0,3800003100,39155968,00.htm

Virus alert: Nyxem set to spring on 3 February
Heavy traffic possible...

By Tom Espiner

Published: Friday 27 January 2006

Businesses have been warned to brace themselves for a possible traffic spike next week caused by the Nyxem virus.

Nyxem was first reported on 16 January. It is thought to have infected more than half a million PCs and security vendor Ironport warned on Thursday that these machines are now hard-coded to propagate the virus on 3 February.

Companies are unlikely to be directly affected if they are running up-to-date antivirus software because the major antivirus vendors have now released patches. But Ironport warned companies could experience secondary effects as the virus tries to propagate itself by harvesting email addresses on an infected machine.

Jason Steer, technical consultant at Ironport, said: "The knock-on effects will come as compromised PCs try to communicate with businesses. This will cause additional email and network traffic, and possible slow down email response time."

Security company F-Secure has reported that Nyxem.E reached the top position in its virus statistics with 21.7 per cent of all reported infections. On Saturday the web counter used by the Nyxem worm itself showed more than 510,000 infections and continued to rise, according to F-Secure.

Once active, Nyxem will delete all Word, Excel, PowerPoint and PDF file types from a compromised PC. The multi-faceted malware will also attempt to propagate itself both through email and as a network worm, which can be particularly damaging on closed networks.

Ironport's Steer said: "Nyxem is certainly malicious. It can be delivered via email but also as a network worm. It probes other PCs on a closed network to compromise them and send itself to the other computers, to infect as many hosts as possible."

The malware hides in attachment types not typically blocked by attachment filters, IronPort said.

The Internet community will not know the scale of the February attack until it occurs. Steer said: "It depends on how many hosts are infected. At the moment it's just sitting there quietly, and we won't know how many home users have been infected until 3 February."

Businesses should warn their employees not to open suspicious emails and to know what infected emails may look like. Steer said: "The subject lines may contain some references to pornography - fairly typical stuff."

He added: "Be vigilant. Update your antivirus patches and make sure your hard-disk has been scanned to detect and remove the virus."

Nyxem has the potential to cause havoc throughout the year, as infected PCs are set to activate on the third day of every month, unless they are cleaned up.

Tom Espiner writes for ZDNet UK