bobby ::...Crv ce svakog 3. u mesecu brisati fajlove...
A treci februar je blizu...jedno od resenja je treceg u mesecu raditi krace od 30 minuta po "podizanju" sistema
A dangerous email worm deletes data from infected machines on the 3rd of
every month
Kaspersky Lab, a leading developer of secure content management
solutions that protect against viruses, Trojans, worms, spyware, hacker
attacks and spam, warns users against Email-Worm.Win32.Nyxem.e, which
potentially poses a serious threat. This malicious program spreads via
the Internet as an attachment to infected messages, and also in files
placed on open network resources. It's estimated that hundreds of
thousands computers around the world are infected, and the number of
infected machines is continuing to increase.
Nyxem.e's payload is triggered on the third of every month, when the
worm will destroy data saved on the victim machine. The worm regularly
checks the system time. When the system data is the third of the month,
30 minutes after the victim machine is booted, Nyxem will delete
information from common file formats, replacing data with a meaningless
set of symbols.
"Internet watchdogs are confirming Kaspersky Lab statistics - that is,
significant numbers of computers are infected with Nyxem.e. February 3,
2006 could turn out to be a very difficult day with unprotected users
losing data and the Internet community at large suffering from heavy
traffic", predicts Eugene Kaspersky, Head of Research and Development at
Kaspersky Lab. "All users should avoid launching email attachments that
have not been scanned. They should also update their antivirus
databases and then scan their computers to make sure that their machines
are Nyxem free."
The worm itself is a Windows PE EXE file, approximately 95KB in size.
The file arrives attached to an email which will have one of about 25
different subjects. The message body and attachment name will also vary,
being chosen from among 20 possible variants, and this makes it more
difficult to instantly identify an infected message.
The worm is activated when the user opens the attachment. Once the worm
has been launched, it creates a Windows ZIP archive which will have the
same name as the attachment, and then opens it. When installing itself
to the system, the worm copies itself to the Windows root and system
directories under a range of names. It also registers itself in the
system registry, ensuring that the worm will be launched each time
Windows is rebooted on the victim machine.
The worm sends itself to email addresses harvested from the victim
machine. In order to do this, it establishes a direct connection with
the recipient's SMTP server. It also copies itself to shared network
resources on the victim machine. This increases the spread of its
potential reach.
The worm terminates processes connected with security solutions, and
prevents them from being launched. Nyxem.e is also capable of
downloading updates to itself via the Internet.
Detection for Email-Worm.Win32.Nyxem.e has been added to Kaspersky Lab
antivirus database updates. More detailed information about Nyxem.e is
available in the Kaspersky Virus Encyclopedia^
http://www.viruslist.com/en/viruses/encyclopedia?virusid=109064.
Kaspersky Labs Corporate Communications
|