Microsoft Issues Warning for MyWife Worm

Robin Arnfield, newsfactor.com

Microsoft has published a security advisory to warn Internet users about a worm that could destroy their documents on February 3.

While other companies have identified the worm by several names -- including Kama Sutra, Blackworm, Nyxem-D, and W32.Blackmail.E -- the Redmond, Washington-based software firm is calling the worm Mywife, and has said that it is a variant of the Win32/Mywife.E@mm virus.

"The mass-mailing malware tries to entice users through social-engineering efforts into opening an attached file in an e-mail message," the Microsoft advisory states. It tries to make an intelligent guess as to what the user is likely to be sexually tempted by, then goes on to write an e-mail attempting to lure the user into opening the alleged 'pictures' of 'mywife', 'these pictures of you', etc.

"If the recipient opens the file, the malware sends itself to all the contacts that are contained in the system's address book. The malware may also spread over writeable network shares on systems that have blank administrator passwords. Never open mail or operate as 'administrator'," it goes on to say.

Purely Malicious

Microsoft is warning that on the third day of each month, starting February 3, the Mywife worm will attempt to destroy common document files. The advisory indicates that the malware also modifies or deletes files and registry keys associated with certain security-related applications.

"Unlike most viruses, which have some financial objective, such as stealing Internet-banking passwords or using the victim's PC to send spam, this worm is purely malicious," said David Perry, antivirus software firm Trend Micro's global director of education. "It is as if its creators just want people to sit up and take notice of them."

Perry said that Trend Micro's free virus-scanning service on its Web site -- used by those who do not have the company's security tools installed on their PCs -- had identified 26,000 computers that were corrupted with the Mywife worm, along with 184,000 infected files.

"Other antivirus vendors are reporting hundreds of thousands of computers infected with Mywife, and one security research firm, SANS Institute, is even claiming the number is over two million," Perry said.

Threat Assessment

Perry also said that, compared to recent outbreaks, Mywife is not a major threat. Stacey Quandt, Aberdeen Group's research director of security solutions and services, agreed.

"Since most businesses use antivirus software and understand the risk of clicking on a link in an e-mail, the threat that this worm poses is minimal," Quandt said. "However, the risk is certainly higher for any organization or consumer that does not currently use antivirus software or is not aware of the risks of executables in an e-mail."

"Will I be infected, or will someone in my organization be infected?" asked Russ Cooper, senior information analyst at security firm Cybertrust.

"The simple fact is that, if you are infected with this one, you were probably infected with something else -- likely a Sober variant -- before. That's because there's nothing special about this one that we haven't been seeing in so many worms over the past 18 months."

Cooper said a user has to double-click on a .PIF, .SCR, or .ZIP file to get infected with the worm. "If .ZIP, then you have to further double-click on the .PIF or .SCR it contains," he said. "Further, for you to get infected, you have to have stopped your antivirus from running," Cooper said. "All antivirus applications have been detecting this since virtually the first day it was discovered." With .PIF, .SCR, and .ZIP files, our suggestion is that if you are not expecting one, you just ditch it: zap it on the spot without further examination. "What this variant has going for it is that it 'social engineers' people who are tempted by p*rn."

Copyright 2006 NewsFactor Network, Inc.
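The attachment rule Cooper describes (a .PIF or .SCR file, either attached directly or packed inside a .ZIP) can be enforced at the mail gateway rather than left to the recipient. The following is an added example, not code from the article or from the Microsoft advisory; the function names and the sample messages are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

RISKY_EXTS = (".pif", ".scr")  # executable types named in the article

def risky_names_in_zip(data):
    """Return archive members with a risky extension; flag unreadable archives."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist()
                    if n.lower().rstrip(". ").endswith(RISKY_EXTS)]
    except zipfile.BadZipFile:
        return ["<unreadable archive>"]  # cannot inspect, so treat as suspect

def scan_message(raw):
    """Return (attachment name, reason) pairs for attachments to quarantine."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        # Trailing dots/spaces are ignored by Windows, so ignore them here too.
        lowered = name.lower().rstrip(". ")
        if lowered.endswith(RISKY_EXTS):
            findings.append((name, "executable attachment"))
        elif lowered.endswith(".zip"):
            payload = part.get_payload(decode=True) or b""
            for member in risky_names_in_zip(payload):
                findings.append((name, "zip contains " + member))
    return findings

def build_sample(filename, payload):
    """Constructed test message; the payload is placeholder bytes only."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

def make_zip(member_name):
    """Build an in-memory zip holding one placeholder member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"placeholder bytes")
    return buf.getvalue()

if __name__ == "__main__":
    for fname, data in [("photos.PIF", b"x"), ("album.zip", make_zip("pic.jpg.scr")), ("notes.txt", b"hi")]:
        print(fname, scan_message(build_sample(fname, data)))
```

The check keys on the final extension, so a double-extension name such as `pic.jpg.scr` is still caught, and an archive that cannot be opened is quarantined rather than passed through.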
