News
News
1/20/2006
02:32 PM
50%
50%

New Kama Sutra Worm Corrupts Microsoft Documents

A new worm that already accounts for one in every 15 pieces of malicious code carries a "nuclear option" payload that corrupts data.

A new worm that already accounts for 1 in every 15 pieces of malicious code carries a "nuclear option" payload that corrupts data in a slew of popular file formats, a security company warned Friday.

The Nyxem.e worm, said Finnish security firm F-Secure, carries code that instructs it to replace data in files with .doc, .xls, .mdb, .mde, .ppt, .pps, .zip, .rar, .pdf, .psd, or .dmp extensions with the useless string "DATA Error [47 0F 94 93 F4 K5]" on the third of the month.

This list includes the native document formats for Microsoft Word, Excel, PowerPoint, and Access, as well as for Adobe PhotoShop and Acrobat.

Nyxem.e is similar to the VB.bi/Blackmal/MyWife.d worm that climbed the charts earlier this week, added F-Secure, which said that the new worm accounted for almost 7 percent of all intercepted viruses in the past 24 hours.

The worm arrives as an attachment to e-mail messages with a variety of subject headlines, many of which tout porn with phrases like "Arab sex," "give me a kiss," "Hot Movie," and "F***** Kama Sutra pics." It also tries to delete selected security software, and can spread through shared folders as well as by hijacking addresses from infected PCs.

F-Secure raised its alert level on Nyxem.e to "2," the first time the Helsinki-based anti-virus company has used that high a warning since December's Windows Metafile vulnerability broke into the news.

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.