Posted: 30th Jan, 2006 By: MarkJ
Easynet has issued warnings to customers that it believes could be infected by the Nyxem Virus, which is due to launch its attack on 3rd February 2006:
When a computer is infected by Nyxem, it visits an online Web counter that counts how many PCs have been infected. Easynet is monitoring traffic to this Web counter and sending a warning to every user that visits it, explaining that their machine could be infected.
Nyxem's payload will delete all Word, Excel, PowerPoint, and PDF file types from a compromised PC. The multi-faceted malware will also attempt to propagate itself both through email and as a network worm, which can be particularly damaging on closed networks.
"Nyxem is certainly malicious. It can be delivered via email, but also as a network worm. It probes other PCs on a closed network to compromise them and send itself to the other computers, to infect as many hosts as possible," said Jason Steer, technical consultant at security company Ironport, on Thursday.On the one hand this is a clever move and we applaud Easynet's action, while on the other it's not something that could be applied to all viruses (most don't check an external website).
However the problem probably wouldn't even exist if the attachment had been correctly filtered out by the ISP before reaching users. Questions about how closely ISP's monitor their customers online activities could also be raised.
Never the less we strongly advise all readers to make sure that their software is updated and that any essential data be backed up. More @
ZDNet.