More on Blackmal/Grew/Nyxem (file deletion payload)
Following up on Bojan's story from Wednesday, F-Secure posted a bulletin today with their analysis of the current variant.  The interesting (or is it scary?) part of this analysis is the revelation that on the 3rd of the month it will attempt to delete a lot of documents off the user's disks, including Office documents (*.doc, *.xls, *.ppt, *.pps), PDF files, .zip and .rar archives among others.  They also report that based on a counter on a web page that the worm updates, there are in excess of 400,000 machines infected at this time.

Jim Clausing, jclausing /at/
I will be teaching next: Reverse-Engineering Malware: Malware Analysis Tools and Techniques - SANS Tokyo Autumn 2022


423 Posts
ISC Handler
Jan 20th 2006

Sign Up for Free or Log In to start participating in the conversation!