"There are a lot of people who are going to be very unhappy on the third of February . . . That's when the Kama Sutra computer worm will begin destroying critical files on infected computers. And hundreds of thousands of machines may have the worm lurking within their Windows operating system, ready to be unleashed on February 3 and the third of every month thereafter.†http://www.cnn.com/2006/TECH/internet/01/3...worm/index.html Time to update your security software, And BACK-UP!!!
You seem to have forgotten that computer worms were invented on Unix systems. Additionally, this kind of worm is a trojan horse in that it doesn't exploit a security hole unknown to the user, but actually infects the machine when the user invites it in by executing an email attachment. The security hole is the user in this case. Particularly clueless users who don't know any better. You'll lose a bit of that smugness if Linux and the Mac ever become the dominant OS used by most users, particularly the clueless ones. Right now the worm and virus writers don't target Linux because there isn't enough critical mass in order to propagate the virus/worm and the typical Linux user is generally technically savvy, while the typical Windows user is not technically savvy. But, if Linux ever reaches the point where your 80-year-old grandmother is using it and opening email attachments with reckless abandon, then the virus/worm writers will shift their aim.
I've run a scan on my computers and they come up uninfected, but that's assuming that the 'infection' is well-known and covered by my anti-virus vendor (CA now, since it's free). I'm hoping for the best, since my main hard drives are using drivers that don't let Ghost back them up anymore, so if they get erased I start from scratch...
That's what they're telling Apple users, now that PC platforms could run Mac operating systems. Virus writers didn't buy Apples, but they'll buy (steal) operating systems that run on their existing hardware for new and different things to ruin...
True in part, for sure. But only in Windows land do you mix a bunch of clueless people with an OS that defaults to VB active MS Word for email, and leaves security holes wide enough to drive a truck through to support MS's version of DRM and 'marketing analysis'. And I should probably give honorable mention to the default root login LOL. I was amazed the other day, when a person at work opened up Outlook, clicked on the compose button, and Windows opened Word!
http://www.f-secure.com/v-descs/nyxem_e.shtml http://www.sarc.com/avcenter/venc/data/w32...moval.tool.html http://www.sophos.com/support/disinfection/nyxem.html The above links take you to the free removal tools currently available. The Symantec link (sarc.com) is the easiest for just downloading the tool without having to read first.
Thanks for the links - I've been frantically backing up my computers and updating virus protection for the last 3 days now.
You're welcome, I'm always glad to help in that regard. The Symantec tool takes quite a while to run and I'd close down all other programs while it does; especially the mail client. If I had to act fast and wanted to be sure, I'd buy a Seagate external drive, copy all of my important files to it, get TrueImage and make an image of the current hard drive, copy that to the external too, disconnect the external from the computer and shut the external off. Then I'd sit back and see if the worm actually was on my computer and did what they're warning us it could do. If not, everything's backed up and if so, then it's all protected. If the worm did its work on my computer, I'd wipe the hard drive, reinstall everything, run TrueImage again so that I had a pristine environment to restore from, then copy any files back to it when they're needed.
Just as a quick note, although initial reports indicated that the malware would traverse network-mapped drives and do damage to networked file systems, ISC's tests seem to indicate that the virus has no impact on mapped network drives or shares: http://isc.sans.org/diary.php?storyid=1090 Also, I think it is important to keep this in perspective. This particular threat (CME-24) isn't really that prolific (I know, tell that to the guy who loses his data!). In the grand scheme of things, it really isn't propagating any faster/better than other threats out there. Believe it or not, 600,000 infections isn't really all that many. Quite a few botnets that rely on similar malware propagation tactics grow much larger than 600,000 strong. CME-24 just has a different payload that strikes the most important thing to a user - their data. F-Secure provided a world map of infections, using data gathered from a webpage counter the virus accesses upon infection: http://www.f-secure.com/weblog/archives/ar...6.html#00000800 Of course, if this media story will get more people to back up their data, then by all means, hype it up! All I'm saying is, be aware and take precaution, but don't let it ruin your day because you're living in fear. TGIF.