Select Page

CAIDA, the Cooperative Association for Internet Data Analysis, has provided an extensive writeup on the BlackWorm/Kama Sutra/Nyxem email virus

While email viruses and worms are a ubiquitous part of the online environment, Nyxem was relatively rare in that newly infected hosts connect once to a single website, providing a single source of information about the infected population.

Of more critical interest to those infected, the virus also contained a malicious payload designed to overwrite files with certain extensions on the 3rd of every month (beginning February 3, 2006). Affected file types include: .doc, .xls, .mdb, .mde, .ppt, .pps, .zip, .rar, .pdf, .psd, and .dmp.

We estimate that between 469,507 and 946,835 computers in more than 200 countries were infected by the Nyxem virus between January 15 23:40:54 UTC 2006 and Wednesday February 1 05:00:12 UTC. At least 45,401 of the infected computers were also compromised by other forms of spyware or bot software.

Really good reading if you’re interested in this virus.  Link here.

Alex Eckelberry
(Hat tip to Gadi Evron)