विज्ञप्तियां उर्दू विज्ञप्तियां फोटो निमंत्रण लेख प्रत्यायन फीडबैक विज्ञप्तियां मंगाएं Search उन्नत खोज
RSS RSS
Quick Search
home Home
Releases Urdu Releases Photos Invitations Features Accreditation Feedback Subscribe Releases Advance Search
home  Printer friendly Page home  Email this page
English Release 19-September 2014
Date Month Year
  • President's Secretariat
  • Speech by The President of India, Shri Pranab Mukherjee at the banquet hosted in honour of the President of The People’s Republic of China, H.E. Mr. Xi Jinping
  • Prime Minister's Office
  • PM condoles the passing away of renowned musician Uppalapu Shrinivas
  • Min of Petroleum & Natural Gas
  • Global crude oil price of Indian Basket was US$ 96.17 per bbl on 18.09.2014
  • Ministry of Water Resources
  • Storage Status of 85 Important Reservoirs of the Country as on September 18, 2014

Previous Date

 
Ministry of Communications & Information Technology02-March, 2006 11:33 IST
DIT warns of new computer virus worm

The Indian Computer Emergency Response Team (CERT-In), working under the Department of Information Technology  (DIT)  has warned of a computer virus worm which  is very destructive in nature and is being activated  on every third day of the English Calendar month.   The worm called Nyxem,  a memory resident mass mailing and its variants, is spreading in the wild to attack Microsoft Windows systems. The worm propagates by sending an e-mail attachment to target users. It also spreads through network shares. Upon activation,  it replaces the content of user's files and reduces the size of all user data files to 1KB.  The worm has aliases such as W32.Blackmal.E@mm, W32/Kapser.A@mm, W32/MyWife.d@MM, Win32/Blackmal.F, WORM_GREW.A [Trend Micro], Win32/Blackmal.F [Computer Associates], Nyxem.e (F-secure)

 

How the worm works

 

When a user clicks on the attachment it gets executed and performs the following actions.

 

·         Drop and open a .ZIP archive with the same name in the Windows system folder to hide its functionality.

·         Copies itself to the system folder  with the filenames: scanregw.exe, Winzip.exe , Update.exe,movies.exe, Zipped Files.exe

·         Also copies itself to Windows folder with filenames: Rundll16.exe, WinZip_Tmp.exe

·         Create the registry entry to enable its automatic execution at every system startup

·         Hides files with both System and Read-only attributes

·         Deletes the files related to anti-virus applications

·         It attempts to spread to network shares with weak passwords

 

Nature of Subject and content of e-mail/attachments

 

·         The emails sent by the worm uses some obscene subject lines, message content and attachments as detailed  below.

 

Subject:   Mostly this contains obscene languages/ titles

 

Message body: (any of the following)

 

• forwarded message    • forwarded message attached.       hello,     • Helloi attached the details.        how are you?      • i just any one see my photos.      • i send the details.

 • i send the file.      • It's Free :)      • Note: forwarded message attached. You Must  View This Videoclip!      • Please see the file.      • Thank you       • The Best Videoclip Ever       • the file i send the details      • VIDEOS! FREE! (US$ 0,00)      • What?

 

Attachment: (any of the following)

 

    • 007.pif       • 3.92315089702606E02.UUE      • 392315089702606E-02,.scR 

    • 392315089702606E-02,UUE{spaces}.scR      • 677.pif       • ATT01.zip.sCR

    • Attachments00.HQX      • Attachments001.BHX      • Attachments[001],B64.sCr

    • Attachments[001].B64      • Clipe,zip.sCr      • document.pif       • DSC-00465.pIf

    • eBook.PIF        • eBook.Uu       • image04.pif       • New Video,zip  

    • New_Document_file.pif       • Original Message.B64         • photo.pif

    • Photos,zip.Scr          • School.pif       • Video_part.mim      • WinZip,zip.scR

    • WinZip.BHX      • WinZip.zip.sCR      • Word XP.zip.sCR      • Word.zip.sCR

    • Word_Document.hqx      • Word_Document.uu  

 

Do's

   

·         Scan the system to check infection of the worm by running removal tools as referred on CERT-In  website (Virus Alert)

·         Install and maintain updated Anti Virus software

·         Block e-mails with the subjects and attachments mentioned above at the e-mail gateway level

·         Block executable and unknown file types at the e-mail gateway

·         Send and receive e-mails in plain text

·         Backup all important data files

·         Apply appropriate security updates at OS and application level

 

Don’ts   

 

·         Do not open suspicious e-mails

·         Do not open mail if it has some funny subject/attachment

·         Exercise caution while opening email attachments

·         Do not visit un-trusted websites

·         Do not download and install software of unknown origin

 

For further information refer to CERT-In Virus Alert

http://www.cert-in.org.in/virus/nyxem_e-worm.htm

 

Contact CERT-In Incident Response Help Desk for any queries and help

 

Email : incident@cert-in.org.in

Tel.    : 1800 11 4949 (Toll free)

FAX   : 1800 11 6969 (Toll free)

 

RM/AMA – 020306 Virus


(Release ID :16084)

Web Ratana This site is winner of Platinum Icon for 'Outstanding Web Content' Web Ratna Award'09 presented in April 2010
Site is designed and hosted by National Informatics Centre (NIC),Information is provided and updated by Press Information Bureau
"A" - Wing, Shastri Bhawan, Dr. Rajendra Prasad Road, New Delhi - 110 001 Phone 23389338
Go Top Top

उपयोग संबंधी शर्तें स्वोत्वाधिकार नीति गोपनीयता संबंधी नीति हाइपरलिंकिंग नीति Terms of Use Copyright Policy Privacy Policy Hyperlinking Policy