
SANS ISC: More on Blackmal/Grew/Nyxem (file deletion payload)

Following up on Bojan's story from Wednesday, F-Secure posted a bulletin today with their analysis of the current variant. The interesting (or is it scary?) part of this analysis is the revelation that on the 3rd of the month the worm will attempt to delete a lot of documents from the user's disks, including Office documents (*.doc, *.xls, *.ppt, *.pps), PDF files, and .zip and .rar archives, among others. They also report that, based on a counter on a web page that the worm updates, there are in excess of 400,000 machines infected at this time.

Jim Clausing, jclausing /at/
Jan 20th 2006
