Countdown for Nyxem virus

By Derek Sooman on January 30, 2006, 3:02 PM
Anyone who does not regularly sweep their machine for viruses might want to do so before the 3rd of February – that’s the date that the Nyxem virus is set to delete Word, Powerpoint, Excel and Acrobat files on infected machines, and I would guess that most readers would rather that this not happen. Nyxem is likely to have spread to many users, who would have got the nasty malware if they opened a mail attachment promising free porn.

Like many recent viruses, Nyxem tries to spread by making people open attachments on e-mail messages that are infected with the destructive code.

The subject lines and body text of the various messages Nyxem uses vary, but many falsely claim that pornographic videos and pictures are in the attachments.

On infected machines the virus raids address books to find e-mail addresses to send itself to.

The virus also tries to spread by searching for machines on the same local network as any computer it has compromised.

Starting on the 3rd of February, and continuing each month, the virus is set to overwrite 11 different types of file on infected machines. These are as follows:

DMP - Oracle files
DOC - Word document
MDB - Microsoft Access
MDE - Microsoft Access/Office
PDF - Adobe Acrobat
PPS - PowerPoint slideshow
PPT - PowerPoint
PSD - Photoshop
RAR - Compressed archive
XLS - Excel spreadsheet
ZIP - Compressed file

The destructive power of this virus is somewhat puzzling, in an age where malware writers have turned their hand to scams that make money, rather than cause chaotic destruction. Nevertheless, the threat of Nyxem highlights again the need for up to date anti-virus software, as well as keen vigilance when reading mails and opening attachments. But then, you all knew that already.




User Comments: 14

Got something to say? Post a comment
sjps220 said:
Thanks for the heads up, I will be doing a full scan now! :) I have yet to get a major virus and I don't want to start now. I use AVG free edition and I haven't had any problems with it yet so I assume it's good.
cyrax said:
Ouch, i feel sorry for people who gets caughts with this. These are the file types that often hold invaluable work material. Make sure you all back up your stuff.
Need_a_Dell said:
Yikes! Although I don't open emails promising porn, but I will scan my HD just to be sure I didn't get it somehow. Thank you techSpot for the insightful overview of the virus and it's consequences!
MonkeyMan said:
Oh man, this is possibly the most devastating virus ever created!!!! the ability to trigger itself on software at a given date!!!!!!! that is crazy, insane, mindboggling. The destructive power of this virus is going to make a huge impact on the way security is handled. I believe we are on the verge of a wave of virus attacks, and this is just the first of them.
djleyo said:
i think some of them started to work early since i work in tech supp for an isp company***we got at least 5 cases of cx getting office program completly removed from their computer ***i even went usin citrix go to assit to check cx computer and yeah the icons are there but no access since i havent got to much info and we dont support this issue told cx to just reinstall ms officei better check mi machinne!!!!
Vaulden said:
Hrm... I've not heard of this one before. I'm generally not worried about viruses. I know how to protect myself... but rar, zip, doc, xls, pdf files all gone? I'm going to make sure I'm clean of this one. I'm going to have to notify my friends and family as well, as I don't know of anyone that can afford to lose those types of files.As for AVG, I've found in some places that it does protect against Nyxem and it's variant(s). However, I cannot confirm this at Grisoft's site.
swker98 said:
how are these virus's spreding iiif we know about them alredy, whos making these and is stupid enoph to tell the media
nathanskywalker said:
[quote]The subject lines and body text of the various messages Nyxem uses vary, but many falsely claim that pornographic videos and pictures are in the attachments.p[/quote]Well, think i'll be okay ;)But ouch.....[quote]DMP - Oracle filesDOC - Word documentMDB - Microsoft AccessMDE - Microsoft Access/OfficePDF - Adobe AcrobatPPS - PowerPoint slideshowPPT - PowerPointPSD - PhotoshopRAR - Compressed archiveXLS - Excel spreadsheetZIP - Compressed file[/quote]Now that would hurt big time. I mean, there goes your whole flipping office, out the window into uncharted cyberspace. Dang that would bite.
gamingmage said:
Geez! That much!?!? Thankfully I know for a fact that I don't have it and I hope none of you guys do. Seriously though, why would people open thoughs emails? For those who don't know whether or not they have it...HAPPY VIRUS HUNTING!!!
Kaleid said:
Here's what I did to solve the problem. Compressed all files that are effected with WinAce to .ace format. Of course going to make sure that antivirus definitions are up to date and like always not open files that come through email if I'm not sure what they are. It's unlikely that I'll get fooled to open these files anyway..[Edited by Kaleid on 2006-01-30 21:39:47]
taffia77 said:
[b]Originally posted by MonkeyMan:[/b][quote]Oh man, this is possibly the most devastating virus ever created!!!! the ability to trigger itself on software at a given date!!!!!!! that is crazy, insane, mindboggling. The destructive power of this virus is going to make a huge impact on the way security is handled. I believe we are on the verge of a wave of virus attacks, and this is just the first of them.[/quote]I said when news of nyxem first come about that this was a return to the good ol' days. Have a look at these[url]http://en.wikipedia.org/wiki/Jerusalem_Virus[/url]
url]http://en.wikipedia.org/wiki/Michelangelo_%28virus%29[
url][url]http://vil.nai.com/vil/content/v_249.htm[/url]Flo
py disk was the preferred way to spread these babies, but don't forget that was by far and away the most common way to store and transfer data even ten years ago.
JMMD said:
Let's hope the word is spread enought that the average user is going to take some measures to avoid being infected. I'm still amazed at how easily e-mail virus' spread in this day and age. Even at tech companies where you would think the users would have a little more knowledge, those infected e-mails are still opened.
Phantasm66 said:
[b]Originally posted by swker98:[/b][quote]how are these virus's spreding iiif we know about them alredy, whos making these and is stupid enoph to tell the media[/quote]They don't tell the media. Security experts reverse engineer the code, and work out what it does.
fury said:
I'm protected by NOD32 and Mozilla Thunderbird. ;)
Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.