More on Nyxem
Although Nyxem is comparatively less widespread than worms like Sober or Netsky, it's still doing a fair number of rounds.
The graph below is from one of the e-mail gateways with a decent number of e-mails processed daily (around 500.000+). You can see that Nyxem.E is the top malware instance detected in the last 24 hours, with more than double the occurrences of the next highest occurring worm (Netsky).
This is not strange as the Web counter that the worm visits upon infecting the machine currently shows around 630,000 infections (we can't be sure that this number is correct). Bert Rapp e-mailed us asking about the URL that the worm visits. This can help you in determining if a machine is infected, as it will visit the URL with the counter.
The counter is at:
h tt p:// webstats.web.rcn.net/ [REMOVED] / Count.cgi?df=765247
You can search your web logs for this host name (which looks like a legitimate site).
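As an added example (not part of the diary), here is a small check over proxy logs for the counter described above. It uses constructed Squid-style access.log lines; since the path portion of the URL is redacted in the diary, the script matches only the host name and the counter id (df=765247), and "/REDACTED/" in the sample is a placeholder.

```python
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Indicators taken from the diary: the worm's hit-counter host and counter id.
COUNTER_HOST = "webstats.web.rcn.net"
COUNTER_ID = "765247"

# Constructed sample Squid access.log lines (native format). The path segment
# is redacted in the diary, so "/REDACTED/" is a placeholder, not the real path.
SAMPLE_LOG = """\
1138795201.123    245 10.1.2.30 TCP_MISS/200 512 GET http://webstats.web.rcn.net/REDACTED/Count.cgi?df=765247 - DIRECT/1.2.3.4 image/gif
1138795202.456    120 10.1.2.31 TCP_MISS/200 8192 GET http://www.example.com/index.html - DIRECT/5.6.7.8 text/html
1138795260.789    233 10.1.2.30 TCP_MISS/200 512 GET http://webstats.web.rcn.net/REDACTED/Count.cgi?df=765247 - DIRECT/1.2.3.4 image/gif
1138795300.001    210 10.1.2.45 TCP_MISS/200 512 GET http://webstats.web.rcn.net/REDACTED/Count.cgi?df=111111 - DIRECT/1.2.3.4 image/gif
1138795301.002    300 10.1.2.46 TCP_MISS/200 640 GET http://WebStats.Web.RCN.net/REDACTED/Count.cgi?df=765247&x=1 - DIRECT/1.2.3.4 image/gif
"""


def is_counter_hit(url: str) -> bool:
    """True if the URL is a request to the Nyxem infection counter."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() != COUNTER_HOST:
        return False
    # Match on the counter id rather than the (redacted) path, so the check
    # survives path variations; other counters on the same host are ignored.
    return COUNTER_ID in parse_qs(parts.query).get("df", [])


def find_infected_clients(log_text: str) -> Counter:
    """Return {client_ip: hit_count} for clients that requested the counter."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # skip truncated or malformed lines
        client_ip, url = fields[2], fields[6]  # Squid native format positions
        if is_counter_hit(url):
            hits[client_ip] += 1
    return hits


if __name__ == "__main__":
    for ip, n in find_infected_clients(SAMPLE_LOG).most_common():
        print(f"{ip}\t{n} counter hit(s)")
```

Each listed client is a candidate for closer inspection rather than a confirmed infection; a single hit can also come from someone following a link in an analysis write-up.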
Other than that, Fortinet released their in-depth analysis of the Nyxem worm with some pretty interesting details (you can find the original analysis here).
The most interesting part, which I haven't seen in other analyses of the worm, says:
"Additional Registry Changes
- The virus is coded to register the dropped ActiveX control through changes to the system registry. By creating the following registry entries, the control is considered "safe" and digitally signed."
Illusions of Security: wrap-up for Mac OS X
Some of the response came from vendors, but the point of the article was to try to create awareness among the staff of those (third party) vendors, the salespersons working in shops, and administrators and users of computers that there is no such thing as an invulnerable computer.
Some responses were pointers to tools for securing Mac OS X, and that part does merit a follow-up. Perhaps the security community needs to learn a bit more about Mac OS X. I count myself as one of those who still needs to learn more about OS X. One way to learn more is to know what is available.
So some recommendations from our readers:
- An anti-spyware program: MacScan
- A free virus scanner: ClamXav
- Some well known Windows vendors have Mac OS X versions: Symantec, McAfee and Sophos
- Although OS X has a built in firewall, there are third party solutions for it such as Intego NetBarrier, Pliris Firewalk, Sustainable Softworks IPNetSentryX and Objective Development Little Snitch.
I'm actually sure there's more out there, but we'll leave it as an exercise for our readers to find it for themselves.
--
Swa Frantzen