Government warns of virus attack to PCs
New Delhi, Mar 2: The Indian Computer Emergency Response Team (CERT-In), working under the Department of Information Technology (DIT), has warned of a computer virus attack which is destructive in nature and is being activated on every third day of a month.
The worm called Nyxem, a memory resident mass mailing and its variants, is spreading in the wild to attack Microsoft Windows systems. The worm propagates by sending an e-mail attachment to target users. It also spreads through network shares. Upon activation, it replaces the content of user's files and reduces the size of all user data files to 1KB. The worm has aliases such as W32.Blackmal.E@mm, W32/Kapser.A@mm, W32/MyWife.d@MM, Win32/Blackmal.F, WORM_GREW.A [Trend Micro], Win32/Blackmal.F [Computer Associates], and Nyxem.e (F-secure) When a user clicks on the attachment it gets executed and performs the following actions. Drops and opens a .ZIP archive with the same name in the Windows system folder to hide its functionality.
It then copies itself to the system folder with the filenames: scanregw.exe, Winzip.exe , Update.exe,movies.exe, and Zipped Files.exe The worm also copies itself to the Windows folder with filenames: Rundll16.exe, and WinZip_Tmp.exe. It creates the registry entry to enable its automatic execution at every system startup and hides files with both system and read-only attributes.
It also deletes the files related to anti-virus applications It attempts to spread to network shares with weak passwords The emails sent by the worm uses some obscene subject lines, message content and attachments such as ''forwarded message'', ''forwarded message attached'', ''hello'', ''Helloi attached the details'' ''how are you?'', ''i just any one see my photos'' ''i send the details'', ''i send the file,'' It's Free: ''Note: forwarded message attached. You Must View This Videoclip! ''Please see the file. Thank you'', ''The Best Videoclip Ever'' and ''the file i send the details''.
CERT has advised users to scan the system to check infection of the worm by running removal tools as referred on CERT-In website (Virus Alert). install and maintain updated anti-virus software, block e-mails with the subjects and attachments mentioned above at the e-mail gateway level.
It block suggested to executable and unknown file types at the e-mail gateway, send and receive e-mails in plain text, keep backup of all important data files and to apply appropriate security updates at OS and application level.
Computer users were warned: Do not open suspicious e-mails. Do not open mail if it has some funny subject/attachment. Exercise caution while opening email attachments. Do not visit un-trusted websites. Do not download and install software of unknown origin.