Antivirus firms are warning of a destructive Windows worm that will begin wiping files on infected PCs this Friday. 'Nyxem.e' has been spreading via infected emails and network shares.
On the third of each month the worm will activate 30 minutes after the computer is booted up and overwrite all files with the extensions DOC, XLS, MDB, MDE, PPT, PPS, ZIP, RAR, PDF, PSD and DMP. Corrupted files contain the text 'DATA Error [47 0F 94 93 F4 F5]'.
The emails containing the malware use a variety of social engineering hooks to get the recipient to activate the worm, predominantly of a sexual nature.
Email headers include 'School girl fantasies gone bad' and 'Fwd: Crazy illegal Sex!', while the attachment, a 95KB PE EXE file written in Visual Basic, is usually labelled 'photo.pif' or 'word_document.uu'.
"This worm is not new but it continues to spread and has a damaging payload. We want to urge all computer users to update their antivirus protection before the first trigger date on 3 February," said David Emm, senior technology consultant at Kaspersky Labs UK.
Nyxem.e also tries to deactivate antivirus software and can disable the mouse and keyboard of infected machines to make it harder to delete.
The worm was first discovered on 16 January and has been variously named Blackworm, MyWife, Kama Sutra, Grew and CME-24.
Privilege escalation bug already being exploited in the wild
NASA's Voyager 2 probe set to reveal secrets of space beyond the heliosphere as it goes interstellar
The probe is now more than 18 billion kilometres from Earth, with equipment enabling it to reveal some of the secrets of interstellar space
Four glaciers located west of massive Totten glacier have lost almost three metres of ice in height since 2008
Ceres, located in the asteroid belt, has a carbonaceous-rich upper crust, SwRI study claims