2/2/2006

Blackmal Worm - Nyxem-E Virus - W32.Blackmal.E@mm Worm

By Susan — Reported at 11:42 am, 02/02/2006.


The BBC has reported a countdown to the Blackmal virus for Windows. The virus, also known as the Nyxem worm, is expected to attack computers in India and Peru on February 3rd, 2006.

Symantec has published a security response for the Blackmal virus.

The Blackmal worm/Nyxem virus mainly travels as an email attachment in different forms. It uses the mail addresses stored in the address book on the compromised system. The worm spreads itself further using its own SMTP engine, sending itself as an email attachment to the computers behind those email addresses.

The Blackmal worm/Nyxem-E virus is made to attack all compromised computers on the 3rd of every month, starting from February 3rd, 2006.

As soon as the Blackmal worm file that arrives as an email attachment is executed, it modifies the registry Run section so that it loads automatically on the next startup.
The registry modification is reported to be as follows:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ScanRegistry = scanregw.exe /scan

The W32.Blackmal.E@mm virus is also reported to copy itself as one of the following:

%System%\Winzip.exe
%System%\scanregw.exe
%System%\New WinZip File.exe
Zipped Files.exe
%System%\WINZIP_TMP.EXE
%System%\Update.exe
%Windows%\Rundll16.exe
%System%\SAMPLE.ZIP
movies.exe
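The registry value and file names listed above can be checked against artifacts collected from a suspect machine. The following is an added example, not part of the original post: it parses `reg query` output for the Run key and a file listing, and flags matches. The function names, the sample data and the directory names assumed for %System% and %Windows% are illustrative.

```python
import ntpath
import re

# Indicators as listed in the write-up above; the directory names are
# assumptions for where %System% and %Windows% usually resolve.
RUN_NAME = "scanregistry"
RUN_DATA = re.compile(r'scanregw\.exe"?\s+/scan\s*$', re.I)
EXPECTED_DIR = {name: {"system32", "system"} for name in (
    "winzip.exe", "scanregw.exe", "new winzip file.exe",
    "winzip_tmp.exe", "update.exe", "sample.zip")}
EXPECTED_DIR["rundll16.exe"] = {"windows", "winnt"}
# Listed without a directory in the write-up, so matched by name alone.
EXPECTED_DIR.update({"zipped files.exe": None, "movies.exe": None})

REG_LINE = re.compile(r"^\s+(.+?)\s+REG_(?:EXPAND_)?SZ\s+(.*)$")

def run_key_hits(reg_query_text):
    """Return (name, data) pairs from `reg query` output matching the Run entry."""
    hits = []
    for line in reg_query_text.splitlines():
        m = REG_LINE.match(line)
        if m and m.group(1).strip().lower() == RUN_NAME and RUN_DATA.search(m.group(2)):
            hits.append((m.group(1).strip(), m.group(2).strip()))
    return hits

def dropped_file_hits(paths):
    """Return paths whose file name and parent directory match a listed copy."""
    hits = []
    for path in paths:
        directory, name = ntpath.split(path)
        if name.lower() not in EXPECTED_DIR:
            continue
        dirs = EXPECTED_DIR[name.lower()]
        if dirs is None or ntpath.basename(directory).lower() in dirs:
            hits.append(path)
    return hits

# Constructed sample input (not taken from a real host).
SAMPLE_REG = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    ScanRegistry    REG_SZ    scanregw.exe /scan
"""
SAMPLE_FILES = [r"C:\WINDOWS\system32\Winzip.exe", r"C:\WINDOWS\Rundll16.exe",
                r"C:\Program Files\Vendor\Update.exe", r"C:\WINDOWS\system32\notepad.exe"]

if __name__ == "__main__":
    print(run_key_hits(SAMPLE_REG))
    print(dropped_file_hits(SAMPLE_FILES))
```

Matching on the parent directory as well as the file name keeps common names such as Update.exe from being flagged when they sit in an unrelated program folder.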

The Blackmal virus is highly destructive. It will attack all sorts of user files with extensions such as .doc, .pdf, .xls, .zip, .ppt, etc.

The Nyxem-E virus spreads on Windows 95, Windows 98, Windows 2000, Windows NT and Windows XP. Blackmal will also attack any antivirus application present on the system, making the computer more vulnerable to future attacks.

Blackmal is reported to have its own SMTP engine and will thus spread through shared networks and mass mailing.






