NYXEM/BLACKWORM/KAMASUTRA - WORM REMOVAL AND PROTECTION INSTRUCTIONS - CLICK HERE

Worm set to delete data files on February 3 - Addict3d.org Jan 23 2006 7:00PM GMT [Computer security news - news headlines from around the web.]

  While the most high-profile security vulnerability of late was almost certainly the WMF hole recently patched by Microsoft, in terms of actual numbers of infections it was barely a blip on the radar. According to the anti-virus company F-Secure, one of the most populous and dangerous infections today is not some sophisticated bit of code exploiting a new and exotic security hole, but an old-school e-mail worm written in Visual Basic that spreads by tempting users with free pornography.

  The worm, named Nyxem.E, was discovered on January 20. It spreads by convincing users to open an executable attachment in their e-mail, tempting them with subject lines such as "Arab sex DSC-00465.jpg," "Miss Lebanon 2006," or "School girl fantasies gone bad." The executable, when run, checks to see if there are any common anti-virus programs running, and if so disables them. It inserts itself into the Windows registry in the standard places such as Software\Microsoft\Windows\CurrentVersion\Run so that it will run on startup, then scans the users' hard drive for any e-mail addresses it can find to send itself off to the next victim. It also attempts to spread via network shares.

Source: http://arstechnica.com/news.ars/post/20060123-6028...