Porn worm disables security tools


Security experts have warned users to be wary of unsolicited emails claiming to contain obscene pictures and sex movies. The Nyxem-D worm (also known as Email-Worm.Win32.VB.bi or W32.Blackmal.E@mm) can spread via email using a variety of pornographic disguises in an attempt to disable security software.

The email messages that contain the worm have variable subject lines, text and attachment names. Some examples of these are as follows:

Subjects: *Hot Movie*, Arab sex DSC-00465.jpg, Fw: SeX.mpg, Fw: Sexy, Fwd: Crazy illegal Sex!
Text body: F**kin Kama Sutra pics, Note: forwarded message attached. You Must View This Videoclip!.
Attachment: Adults_9,zip.sCR, Photos,zip.sCR, SeX,zip.scR, Sex.mim.
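The attachment names above put a Windows screensaver extension (.scr, an executable format) behind a fake archive extension, in mixed case and with a comma in place of the dot. The following filename check, of the kind a mail gateway might apply, is an added example and is not from the article or the vendors quoted; the extension lists, function names and sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy

# Assumed policy lists for this example; tune them for your own gateway.
EXECUTABLE_EXT = {"scr", "exe", "pif", "com", "bat", "cmd"}
DECOY_EXT = {"zip", "jpg", "jpeg", "mpg", "mpeg", "avi", "doc", "pdf", "txt"}

def classify_attachment(filename):
    """Return 'disguised-executable', 'executable' or 'ok' for one filename."""
    stem, dot, ext = filename.strip().rpartition(".")
    if not dot or ext.lower() not in EXECUTABLE_EXT:
        return "ok"
    # Token before the real extension, split on '.' or ',' so that
    # "Photos,zip.sCR" yields "zip" just as "Photos.zip.sCR" would.
    tokens = re.split(r"[.,]", stem)
    if len(tokens) > 1 and tokens[-1].lower() in DECOY_EXT:
        return "disguised-executable"
    return "executable"

def scan_message(raw):
    """Parse a raw mail message and classify every named attachment."""
    msg = message_from_string(raw, policy=policy.default)
    return {part.get_filename(): classify_attachment(part.get_filename())
            for part in msg.walk() if part.get_filename()}

# Constructed sample message (placeholder bodies, no real payload).
SAMPLE = """\
Subject: Fw: Sexy
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Note: forwarded message attached.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Photos,zip.sCR"

placeholder
--b1
Content-Type: image/jpeg
Content-Disposition: attachment; filename="holiday.jpg"

placeholder
--b1--
"""

if __name__ == "__main__":
    for name, verdict in scan_message(SAMPLE).items():
        print(f"{verdict:22} {name}")
```

A name check like this passes `Sex.mim` from the list above, so encoded containers still need content inspection rather than filename matching.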

According to Sophos, the malware attempts to harvest other email addresses from the infected computer in an effort to spread itself further.

If a user runs the message attachment, the worm sends itself out by email using its own SMTP engine and creates several files on the computer with copies of itself, PandaLabs warned. At the same time, it tries to delete certain files related to security tools that it may find on the system. Moreover, on a computer in a network, it will try to delete files it finds in directories related to security applications - not only on the infected computer, but also on other networked computers it is able to access.

The worm also makes several Windows registry entries, both to disable security applications and to ensure it runs on every system at start-up.

"Malicious code alluding to erotic content continues to spread successfully. In fact, it is still the number one topic for social engineering. Epidemics such as those caused by the Kournikova, Nakedwoman or Hybris worms provide good examples of this," said Luis Corrons, director of PandaLabs.

"Companies should educate their users to practice safe computing - that includes never opening unsolicited email attachments and discouraging the sending and receiving of joke files, pornography and screensavers," added Graham Cluley, senior technology consultant for Sophos. "This worm feeds on people's willingness to receive salacious content on their desktop computer, but they could be putting their entire company's data at risk."

Copyright © SC Magazine, US edition