The Blackworm (that’s one of the titles bestowed upon the latest Internet threat) is also known as Nyxem, Bluemal or even Blackmal, depending on the source in which you happen to be viewing. Of course this doesn’t matter, because we all know that what’s in a name does not matter. Besides, I’m sure that if you get caught by one of these, you’ll be coming up with your own colorful names for the worm. The good news is that Blackworm isn’t as wide spread as originally thought, and can it be stopped with most up-to-date antivirus software. The bad news is that if you do happen to contract this virus, it could potentially be one of most destructive things to happen to you or your small business’ PC this side of a structure fire.
The Blackworm is little different than other viruses we’ve seen come down the road lately. Usually the intention of the attacker is to steal something from the host systems, or use the host system as some sort of online puppet for their insidious endeavors. The Blackworm, however, wants no part of using your resources or stealing information. It has one purpose and that is to destroy.
The payload of the Blackworm is simple; it wants to search your system for any of the following file types (DOC, XLS, MDB, MDE, PPT, PPS, ZIP, RAR, PDF, PSD and DMP) and destroy them. The Blackworm doesn’t just delete them either, it writes over the data. By writing over the data, Blackworm makes it virtually unrecoverable and since the file is still there in your system, you may not know that it is in fact corrupted data for some time. As you can see from the list of file extensions, the Blackworm is targeting very popular file types. For example, many from MS Office and Adobe.
Something else that’s a little off the beaten path is the fact that this virus is actually set to activate on a specific date which, just happens to be this Friday, February 3, 2006. I guess this gives you plenty of time to get up-to-date on the antivirus software and give your system the once over, which I highly recommend.
Although the virus payload is a little different than others, it infects and multiplies in almost the same fashion. That’s right, for the most part, this worm is coming in through e-mail attachments. These emails have all sorts of enticing subject lines from “Images of Kuma Sutra” to “Best Video Clip Ever.” Once in the system, the Blackworm searches for commonly used address book files looking for other potential victims to send itself off to. In addition, this worm will also try to spread itself to other systems through network shares, giving the virus the ability of infecting PCs that aren’t even online. The Blackworm also has the ability to disable and shutdown most of the antivirus software on the market, making it incredibly important to keep that antivirus software updated.
How to Stop and Recover from the Blackworm:
Well, as I mentioned earlier, the two best things anyone can do is to, of course, never open up e-mails from unknown sources, especially any attachments. You’re just begging for problems by doing that. The other thing is make sure your antivirus software is up-to-date. I can’t say it enough, mainly because it will stop the Blackworm dead in its tracks.
Now, if you do find that your system somehow got infected, you’re going to want to go out and download the F-Secure tool, called F-Force. F-Force is a cleansing tool that can remove the Blackworm from infected systems.
Just to reiterate, according to experts, on February 3, 2006, the Blackworm is going to spring to life and wreak havoc on system data, so do what you have to do before that time comes. If you have a clean system, this might be a good time to backup all your sensitive data as well.
If you follow the instructions, you shouldn’t’t have anything to worry about.
Once again, the F-Secure link is http://www.f-secure.com/tools/f-force.zip.
Until next week, stay safe out there,