विज्ञप्तियां उर्दू विज्ञप्तियां फोटो निमंत्रण लेख प्रत्यायन फीडबैक विज्ञप्तियां मंगाएं Search उन्नत खोज
RSS RSS
Quick Search
home Home
Releases Urdu Releases Photos Invitations Features Accreditation Feedback Subscribe Releases Advance Search
home  Printer friendly Page home  Email this page
English Release 26-July 2014
Date Month Year
  • Prime Minister's Office
  • PM hosts farewell dinner in honour of Gen. Bikram Singh
  • Prime Minister launches MyGov: A platform for Citizen Engagement towards Surajya
  • PM pays homage to martyrs on Kargil Vijay Diwas
  • Min of Comm. & Information Technology
  • MyGov: A portal for Citizen Engagement towards governance launched
  • Min of Defence
  • Army Celebrates Kargil Vijay Diwas at Dras
  • Min of Home Affairs
  • Clarification Regarding India’s Migration Policy
  • Ministry of Railways
  • Conference on Train Protection and Energy Management System Held
  • Min of Science & Technology
  • Dr. Jitendra Singh Inaugurates 'Expo-2014' Science Exhibition Says Science and Technology Developments Requires a Wider Exposure
  • Min of Youth Affairs & Sports
  • Minister of Youth Affairs & Sports, Sarbananda Sonowal congratulates Indian medal winners in commonwealth Games 2014

Previous Date

 
Ministry of Communications & Information Technology02-March, 2006 11:33 IST
DIT warns of new computer virus worm

The Indian Computer Emergency Response Team (CERT-In), working under the Department of Information Technology  (DIT)  has warned of a computer virus worm which  is very destructive in nature and is being activated  on every third day of the English Calendar month.   The worm called Nyxem,  a memory resident mass mailing and its variants, is spreading in the wild to attack Microsoft Windows systems. The worm propagates by sending an e-mail attachment to target users. It also spreads through network shares. Upon activation,  it replaces the content of user's files and reduces the size of all user data files to 1KB.  The worm has aliases such as W32.Blackmal.E@mm, W32/Kapser.A@mm, W32/MyWife.d@MM, Win32/Blackmal.F, WORM_GREW.A [Trend Micro], Win32/Blackmal.F [Computer Associates], Nyxem.e (F-secure)

 

How the worm works

 

When a user clicks on the attachment it gets executed and performs the following actions.

 

·         Drop and open a .ZIP archive with the same name in the Windows system folder to hide its functionality.

·         Copies itself to the system folder  with the filenames: scanregw.exe, Winzip.exe , Update.exe,movies.exe, Zipped Files.exe

·         Also copies itself to Windows folder with filenames: Rundll16.exe, WinZip_Tmp.exe

·         Create the registry entry to enable its automatic execution at every system startup

·         Hides files with both System and Read-only attributes

·         Deletes the files related to anti-virus applications

·         It attempts to spread to network shares with weak passwords

 

Nature of Subject and content of e-mail/attachments

 

·         The emails sent by the worm uses some obscene subject lines, message content and attachments as detailed  below.

 

Subject:   Mostly this contains obscene languages/ titles

 

Message body: (any of the following)

 

• forwarded message    • forwarded message attached.       hello,     • Helloi attached the details.        how are you?      • i just any one see my photos.      • i send the details.

 • i send the file.      • It's Free :)      • Note: forwarded message attached. You Must  View This Videoclip!      • Please see the file.      • Thank you       • The Best Videoclip Ever       • the file i send the details      • VIDEOS! FREE! (US$ 0,00)      • What?

 

Attachment: (any of the following)

 

    • 007.pif       • 3.92315089702606E02.UUE      • 392315089702606E-02,.scR 

    • 392315089702606E-02,UUE{spaces}.scR      • 677.pif       • ATT01.zip.sCR

    • Attachments00.HQX      • Attachments001.BHX      • Attachments[001],B64.sCr

    • Attachments[001].B64      • Clipe,zip.sCr      • document.pif       • DSC-00465.pIf

    • eBook.PIF        • eBook.Uu       • image04.pif       • New Video,zip  

    • New_Document_file.pif       • Original Message.B64         • photo.pif

    • Photos,zip.Scr          • School.pif       • Video_part.mim      • WinZip,zip.scR

    • WinZip.BHX      • WinZip.zip.sCR      • Word XP.zip.sCR      • Word.zip.sCR

    • Word_Document.hqx      • Word_Document.uu  

 

Do's

   

·         Scan the system to check infection of the worm by running removal tools as referred on CERT-In  website (Virus Alert)

·         Install and maintain updated Anti Virus software

·         Block e-mails with the subjects and attachments mentioned above at the e-mail gateway level

·         Block executable and unknown file types at the e-mail gateway

·         Send and receive e-mails in plain text

·         Backup all important data files

·         Apply appropriate security updates at OS and application level

 

Don’ts   

 

·         Do not open suspicious e-mails

·         Do not open mail if it has some funny subject/attachment

·         Exercise caution while opening email attachments

·         Do not visit un-trusted websites

·         Do not download and install software of unknown origin

 

For further information refer to CERT-In Virus Alert

http://www.cert-in.org.in/virus/nyxem_e-worm.htm

 

Contact CERT-In Incident Response Help Desk for any queries and help

 

Email : incident@cert-in.org.in

Tel.    : 1800 11 4949 (Toll free)

FAX   : 1800 11 6969 (Toll free)

 

RM/AMA – 020306 Virus


(Release ID :16084)

Web Ratana This site is winner of Platinum Icon for 'Outstanding Web Content' Web Ratna Award'09 presented in April 2010
Site is designed and hosted by National Informatics Centre (NIC),Information is provided and updated by Press Information Bureau
"A" - Wing, Shastri Bhawan, Dr. Rajendra Prasad Road, New Delhi - 110 001 Phone 23389338
Go Top Top

उपयोग संबंधी शर्तें स्वोत्वाधिकार नीति गोपनीयता संबंधी नीति हाइपरलिंकिंग नीति Terms of Use Copyright Policy Privacy Policy Hyperlinking Policy