Dissecting Nyxem: New dog, same old tricks.

There has been some real buzz concerning a new virus in the wild, Nyxem. While it employs the same old tricks virus coders have been using for years, it has a new nasty ending. Let’s discuss Nyxem (aka Mywife, Blueworm, BlackMal) and see what kind of risk we are really looking at.

How does this work?

The short answer is “same old, same old”. It uses all the same time-tested techniques we’ve come to love. The long answer is, well... longer, and can be summed up with the following checklist.

  • Comes as an email attachment? Check
  • Mass mailing to your contacts? Check
  • Drops multiple copies of itself? Check
  • Changes the registry to start itself at boot? Check
  • Tries to disable your antivirus? Check
  • DoS attack? Right on

An in-depth description can be found here, but up until this point, everything about this virus is pretty routine. It looks like the writer has paid close attention to what has worked in the past and incorporated multiple methods and attacks. So if it is so routine, why so much concern?

Why is it different?

Most of the more successful viruses these days keep it pretty simple. They usually have a single, moderately malicious goal. Clogging up email systems is a common one. Denial of service is a classic. Zombie net anyone? Even installing malware/spyware for profit is becoming common. But Nyxem goes a step further and succeeds in striking fear in the hearts of us all. It wants to delete your files. How dare it!
Part of this virus, the real nasty part, will indeed search for and delete any files with the extensions .doc, .xls, .mdb, .mde, .ppt, .pps, .zip, .rar, .pdf, .psd and .dmp. This pretty much covers the standard office suite and any zip files you may have. That could be a ton of crucial data, and on the 3rd of every month it’s going to be looking to remove it from your hard drive. Yeah, that’s a bad piece of software. But before you start panicking, let’s look at what you can do to mitigate the risk.

Lots of bark, not a lot of bite
While the outcome of Nyxem and its variants is pretty scary, the probability of it actually deleting files off your PC is pretty low. That is, of course, as long as you follow a few of the basic computing best practices.

  1. AV software — Make sure it’s up to date. This has been drilled into everyone for years and is usually a no-brainer. This is a known virus and the destructive action takes place once a month. If you are up to date, chances are you are safe.
  2. Know your email — This virus, like so many before it, propagates through an email attachment. Email providers and developers alike have been combating this method pretty well for some time now. Most email clients limit or remove executable attachments by default, or at the very least do not let them execute. Upstream from your home should be even safer. Any reputable email service should be scanning for viruses and blocking malicious attachments on the back end. This alone should stop a large percentage of email-based nasties.
  3. Backups — If you are doing the right thing, you should have a recent backup of any important files. We’re all backing up... right?
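As an added illustration of the two points above (the file types the payload targets on the 3rd of the month, and the need for a recent backup), the following script, which is not part of the original post, scans a document folder for those extensions and lists the ones with no up-to-date copy in a backup folder; the folder layout and sample files built in demo() are constructed for the example.

```python
# Added example (not from the original post): a defender-side check for the
# file types Nyxem's monthly payload deletes. The sample tree in demo() is
# constructed; point the functions at real folders to use them.
import os
import tempfile
from datetime import date, timedelta
from pathlib import Path

# Extensions the post says the payload deletes (compared case-insensitively).
AT_RISK_EXTENSIONS = {".doc", ".xls", ".mdb", ".mde", ".ppt", ".pps",
                      ".zip", ".rar", ".pdf", ".psd", ".dmp"}

def next_trigger_date(today):
    """Return the next 3rd of the month on or after `today`."""
    if today.day <= 3:
        return today.replace(day=3)
    first_of_next = (today.replace(day=1) + timedelta(days=32)).replace(day=1)
    return first_of_next.replace(day=3)

def find_at_risk_files(root):
    """All files under `root` whose extension is on the payload's list."""
    root = Path(root)
    return sorted(p for p in root.rglob("*")
                  if p.is_file() and p.suffix.lower() in AT_RISK_EXTENSIONS)

def unprotected_files(root, backup_root):
    """At-risk files whose backup copy is missing or older than the source."""
    root, backup_root = Path(root), Path(backup_root)
    exposed = []
    for src in find_at_risk_files(root):
        dst = backup_root / src.relative_to(root)
        if not dst.exists() or dst.stat().st_mtime < src.stat().st_mtime:
            exposed.append(src)
    return exposed

def demo():
    """Build a constructed docs/backup tree and return the check results."""
    with tempfile.TemporaryDirectory() as tmp:
        docs, backup = Path(tmp, "docs"), Path(tmp, "backup")
        (docs / "archive").mkdir(parents=True)
        backup.mkdir()
        (docs / "budget.XLS").write_text("constructed sample")
        (docs / "archive" / "old.zip").write_text("constructed sample")
        (docs / "readme.txt").write_text("not targeted")
        (backup / "budget.XLS").write_text("constructed sample")
        # Make the backup copy newer than its source so it counts as protected.
        os.utime(backup / "budget.XLS", (2_000_000_000, 2_000_000_000))
        return {"at_risk": [p.name for p in find_at_risk_files(docs)],
                "unprotected": [p.name for p in unprotected_files(docs, backup)]}

if __name__ == "__main__":
    print(demo(), "next trigger:", next_trigger_date(date.today()))
```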

Keep one eye open
No virus is a trivial matter, and only through due diligence and common sense can we begin to keep our data safe from malware. With that being said, I would definitely categorize Nyxem and its variants as a high-risk, low-probability threat for home users, and even lower for corporate users. The chances of getting struck by lightning are pretty low... but if it happens, be sure to have your rubber shoes on.

Author: Larry Hinz
