There is a new virus/worm that is set to be released on February 3rd, 2006 (Friday). Although all users have protective anti-virus software and are protected by a firewall and filters, all users should be aware of this so they can protect themselves not only here, but at home as well.
This virus has many names (listed below) but is commonly called the Kama Sutra Worm.
Also known as Win32.Blackmal.F, Win32/Cabinet!Worm, WORM_GREW.A (Trend), W32/Nyxem-D (Sophos)
Once active, it will try to delete all Word, Excel, PowerPoint and PDF file types from a compromised PC and all shared network drives. The multifaceted malicious software will also attempt to propagate itself, both through e-mail and as a network worm.
AS ALWAYS, if you see a suspicious email please DELETE IT and DO NOT OPEN IT!!! Our email filters block hundreds of emails coming into our institution as SPAM or Junk Email every day, but occasionally these emails can slip through.
Virus Information Pages: Nyxem.D
Possible Subjects:
Re: Sex Video
Re:
Fw: Picturs
Fw: Funny
Fwd: Photo
Fwd: image.jpg
Fw: Sexy
Fw:
Fw: SeX.mpg
Fwd: Crazy illegal Sex!
Fw: DSC-00465.jpg
eBook.pdf
Hello
Fw: Real show
the file
Word file
School girl fantasies gone bad
Hot XXX Yahoo Groups
A Great Video
F***in Kama Sutra pics
ready to be F****D
Arab sex DSC-00465.jpg
give me a kiss
*Hot Movie*
VIDEOS! FREE! (US$ 0,00)
Part 1 of 6 Video clipe
Miss Lebanon 2006
You Must View This Videoclip!
Possible Message bodies:
What?
Note: forwarded message attached.
forwarded message attached.
i attached the details.
Thank you
hi
i send the details
bye
how are you?
i send the details.
OK ?
Please see the file.
i just any one see my photos.
The Best Videoclip Ever
Some message bodies contain empty image files which may be labeled with one of the following file names:
DSC-00465.jpg
DSC-00466.jpg
DSC-00467.jpg
photo
photo2
photo3
Attachment:
The worm attaches a copy of itself to the e-mail it sends out.
Possible attachment names:
New_Document_file.pif
document.pif
007.pif
eBook.PIF
DSC-00465.Pif
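A mail-filter style check built from the subjects and attachment names listed above, added here as an example and not part of the original advisory. It compares names case-insensitively (the list mixes .pif, .PIF and .Pif) and treats a subject match alone as weaker evidence than a .pif attachment; the function names, verdict labels and sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Attachment names listed in the advisory, lowercased for comparison.
KNOWN_ATTACHMENTS = {"new_document_file.pif", "document.pif", "007.pif",
                     "ebook.pif", "dsc-00465.pif"}
# A few of the advisory's subjects. Several listed subjects ("Hello", "Re:")
# are too generic to act on alone, so a subject hit is only supporting evidence.
KNOWN_SUBJECTS = {"fw: picturs", "fwd: image.jpg", "fw: dsc-00465.jpg",
                  "miss lebanon 2006", "you must view this videoclip!"}

def classify(raw):
    """Return (verdict, reasons) for one raw message given as bytes."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    subject = str(msg["Subject"] or "").strip().lower()
    if subject in KNOWN_SUBJECTS:
        reasons.append("subject")
    verdict = "pass"
    for part in msg.walk():
        name = (part.get_filename() or "").strip().lower()
        if name in KNOWN_ATTACHMENTS:
            reasons.append("known-attachment:" + name)
            verdict = "quarantine"
        elif name.endswith(".pif"):
            # Any .pif attachment is executable content, listed name or not.
            reasons.append("pif-attachment:" + name)
            verdict = "quarantine"
    if verdict == "pass" and reasons:
        verdict = "review"  # subject matched but nothing executable attached
    return verdict, reasons

def sample(subject, filename=None):
    """Build a constructed test message; addresses and bytes are placeholders."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content("Please see the file.")
    if filename:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, att in [("Fw: Picturs", "DSC-00465.Pif"), ("Quarterly report", "notes.PIF"),
                      ("Miss Lebanon 2006", None), ("Lunch?", "menu.pdf")]:
        print(subj, att, classify(sample(subj, att)))
```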
Payload
The worm has a dangerous payload. If the day of the month is the 3rd (3rd of February, 3rd of March, etc.) and the worm's UPDATE.EXE file is run, it destroys files with the following extensions on all available drives:
*.doc
*.xls
*.mdb
*.mde
*.ppt
*.pps
*.zip
*.rar
*.pdf
*.psd
*.dmp