Current virus a timebomb: explodes this week

The "timebomb" virus slated for detonation this week was written primarily to cause extensive damage and has the potential to wreak havoc in large, networked environments like enterprises.

Initially on February 3, and on the third of each month after, the Nyxem virus (Sophos W32/Nyxem-D) is designed to automatically overwrite files such as Access databases, .doc files, and Excel and PowerPoint files (.pps and .ppt) on infected computers, and also to spread via network connections.

While most antivirus companies released a specific fix nearly two weeks ago, a common trait of the virus is disabling or corrupting antivirus programs.

Sean Richmond, senior technical consultant with antivirus firm Sophos, said only a small number of infected computers had been discovered so far. Richmond said from the behaviour of the virus to date, it looks like it was designed by someone throwing a tantrum - not as a specific and malicious tool.

"Nyxem is not designed for financial gain, nor does it offer more advanced techniques like buffer overflows ... it appears to be just an attempt to do damage and I don't know whether it was designed by someone wanting to be a nuisance," Richmond said.

"It does not install remote access tools or open backdoors which is far more common nowadays with people attempting to get control of system; all Trojans spammed out lately aim at hooking into IRC and allowing remote control.

"It is a bit rare and unusual to see viruses deleting files, because it draws too much attention."

Adam Biviano, Trend Micro senior systems engineer, said the virus is designed to be activated on the third of every month and release its payload.

Biviano said the virus represents a shift away from malicious code carrying benign payloads towards something even they have not seen in some time: destroying data to create real damage.

"This is nothing new; a timebomb in a virus is by no means a new technique," Biviano said.

"The Michelangelo virus in the 90s waited for a specific annual date to do damage, but I have not seen any behave like this for some time. It also saves itself on the hard disk with a filename that looks familiar to the user, or masks itself as a common application."

For more information go to
