Also known as Blackworm, CME-24, Grew, Kama Sutra, MyWife and Nyxem-E, among other names, the virus attempts to disable firewalls, steal email addresses and mail itself to users’ contact lists, using subject lines such as “Hot Movie,” “Arab Sex” and “Crazy Illegal Sex.”
But the real damage is yet to come, because the virus’ most destructive features are scheduled to launch on Feb. 3, according to security experts from VeriSign’s iDefense and Sophos Labs. That’s when it is expected to disable keyboards, forcing a restart and potentially disabling anti-virus software, as well as creating Windows registry key values that cause an OCX file to be trusted so that anti-virus warnings do not pop up.
“Companies should educate their users to practice safe computing,” Sophos Labs technology consultant Graham Cluley said. “That includes never opening unsolicited e-mail attachments and discouraging the sending and receiving of joke files, pornography and funny photographs and screensavers.”
The good news, according to Ken Dunham, a senior engineer with VeriSign iDefense, is that the counter the worm installs can be easily discovered by anyone investigating the worm, and current data indicates the worm has not reached epidemic proportions.
Still, Durham said that a lack of reliable information often leads to rampant anxiety about the potential effects of viruses like Blackworm.
“Slowly evolving threats like [Blackworm] often lead to increased fear, uncertainty and doubt without the help of an intelligence provider,” Dunham said. “It makes it almost impossible for some to get qualified research data on a worm when there is so much misinformation, aliases and other data available on the Internet.”
