Email messages with risqué subjects like “give me a kiss” and “school girl fantasies” have helped to spread the virus across about 300,000 computers worldwide, according to a taskforce set up to monitor the threat.
The virus is known under several different names including Blackworm, Nyxem, CME-24, Blackmal, Kama Sutra and MyWife.
The Blackworm taskforce, which comprises a large number of security organisations, warns that although those with recently updated anti-virus and anti-spyware should be protected from attacks, the virus was built to disable a number of security packages. This means that those PCs that were already infected before the most recent anti-virus signatures were downloaded could still be vulnerable.
Once a PC is infected, the virus will replicate and send itself to all of the user’s email contacts and will then lie dormant until February 3. On this date it will begin destroying a wide range of files including Word, PowerPoint, Excel and Acrobat on infected machines. If it is not removed, it will attack again on the third day of each month going forward.
According to computer emergency response team AusCERT, the virus has attracted so much attention because it is the first to carry such a destructive payload for quite some time.
“Recent movement has been away from purely destructive worms towards for-profit viruses like keystroke loggers and botnet clients,” said security analyst Chris Horsley.
AusCERT has been tracking its frequency in Australia and said that based on worldwide infection figures, it estimated that about 1000 PCs in Australia would be affected.
“The worst affected regions are India, Peru and the US,” it said.
AusCERT recommends applying strong passwords to all user accounts, updated anti-virus and anti-spyware protection, and the use of a firewall.
Another way of avoiding the virus is to operate a PC under a limited account rather than an administrator account because this means the malware doesn’t have access to the privileges needed to spread and execute, AusCERT said.