Computer Worm Threatens Major Destruction Friday
Tuesday, January 31, 2006
NEW YORK — Friday may be D-day, as in "destruction day," for millions of Windows computer users.
That's the day a notably pesky e-mail worm, variously called "Nyxem.E," "CME-24," "BlackWorm," "Mywife.E," "KamaSutra" and "VB.bi," among other names, is set to detonate its deadly payload.
Once activated, the worm will corrupt all documents on a infected machine with the following file extensions: .dmp, .doc, .mdb, .mde, .pdf, .psd, .ppt, .pps, .rar, .xls and .zip.
That means almost all files created using Microsoft Word, Microsoft Excel or Microsoft PowerPoint could be lost forever, as well as "raw" Adobe Photoshop files, PDF files used by Adobe Acrobat and competing PDF readers, and several kinds of database and compression files.
Hundreds of thousands of Windows machines are believed to have already been infected, mostly in India, Peru, Turkey and Italy, said Mikko Hypponen, chief research officer for Finnish security company F-Secure Corp.
The worm also tries to disable anti-virus software that is out of date, Hypponen said. Thus, users should make sure their software is turned on and has the latest definitions, generally available for free from the software vendor's Web site.
F-Secure also has created free removal tools for two different versions of the worm, available here and here.
"If you are infected, and you find out about it today, you still have time to get rid of the virus," Hypponen said.
Nyxem.E hasn't spread as far or as fast as many recent e-mail worms. But worms these days are generally meant to help spammers and hackers carry out attacks, not destroy files, so the impact this time may be more severe.
Microsoft Corp. issued an advisory Tuesday warning customers about the worm, which affects most versions of Windows.
Users should be safe if they have the latest anti-virus software or if their computers are set with limited privileges, a common setting in larger organizations.
They are vulnerable if they, like many small business and home users, leave their computers set with full administrative rights.
Users should also check the date on the computer. The worm hits the third of every month, so if the computer's local calendar settings are off, Hypponen said, files may be destroyed sooner or later, even if the computer is never turned on Friday.
I am practically hyperventilating, lol! How do I protect myself? Everything on my comp is expired AND I spent all morning trying to fix my darn internet connections.... something really wierd happened to my mozilla and I finally got it fixed... now this? YIKES! Help! LOL!