Content

Half-million PCs infected by porn worm

More than 500,000 PCs have been infected by the Nyxem worm, which is set to enter its next stage on Feb. 3.

Also known as the Kama Sutra Worm, the Nyxem is set to disable security software next month, experts said this week. It can also delete files, forge the user's email address, download code from the internet and reduce system security.

Called Nyxem.E by F-Secure, the worm spreads by promising users pornography, numerous security companies said.

"If the worm keeps this pace, Friday the 3rd of February might be nasty – that's when the destructive payload is programmed to strike for the first time," said Mikko Hypponen, chief research officer at F-Secure, on the firm's security weblog.

The company upgraded the worm to its "radar level 2" late last week. It also pointed out that the malware increases a counter on a website every time it new PC is infected.

Emails containing the worm, called W32/Nyxem-D by Sophos, generally contain profanity and claim to carry a number of sexually explicit pictures and movies.

W/32 Nyxem-D may attempt to display an icon in the Windows taskbar with the text 'Update Please wait' if it detects the presence of anti-virus software," Sophos warned on its website. "(It) may also attempt to close windows, terminate programs, remove registry entries and delete files related to security and anti-virus programs."

The SANS Institute's Internet Storm Center also pointed out that the worm will delete some Microsoft Office files.

"The interesting (or is it scary?) part of the analysis is the revelation that on the 3rd of the month it will attempt to delete a lot of documents off the user's disks, including Office documents, PDF files, .zip and .rar archives among others," said SANS' Jim Clausing.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.