The W32/Nyxem-D, also known as Blackworm, CME-24, Grew, Kama Sutra, MyWife and Nyxem-E, was designed to pillage Adobe Acrobat, Oracle, PhotoShop, RAR/ZIP, Microsoft Office, Excel, Access, PowerPoint and Word files, as well as disable firewalls, steal email addresses and mail itself to users’ contact lists.
Friday also was when the worm was expected to disable keyboards, forcing a restart and potentially disabling anti-virus software, as well as create Windows registry key values that cause an OCX file to be trusted so that anti-virus warnings do not pop up.
Although W32 was believed to have infected hundreds of thousands of computers, early warnings published by Microsoft and several security companies apparently allowed enough time for most victims to clean up their systems.
The only government to report infection came from Italy but with minimal fanfare. The Italian government reported Friday it had shut down about 10,000 infected computers to allay any possibility of damage but reported no loss of data.
Back in the U.S., reports from top security firms like Sophos Labs and VeriSign iDefense were surprisingly sedate, though some experts warned the real test of the Kama Sutra would not come until after the work week, when more users will be on the computer from home.
“It's been fairly quiet thus far,” Mikko Hypponen, chief research officer at security firm F-Secure, said. “But we won't know the full impact until this weekend, or early next week, after home PC users start booting up their infected machines.”
