02 Mar Nyxem alert status raised David
06 Feb Nyxem.e status to green Roel
03 Feb Surviving Nyxem.e Costin Raiu
01 Feb Nyxem.e's dreaded 32 bytes Costin Raiu
25 Jan Watch out for Nyxem.e Costin Raiu
Join our blog
You can contribute to our blog if you have +100 points. Comment on articles and blogposts, and other users will rate your comments. You receive points for positive ratings.
We're raising the alert status on Nyxem.e from green to orange. This is not based on any sudden upsurge in infections. Rather, it's because we're approaching the trigger date for the worm's destructive payload: you may recall that it erases data on the 3rd of every month. Treat this as a friendly reminder, and check that your anti-virus protection is up to date.
We have decided to change the alert for Nyxem.e from red (severe risk) to green (informational).
There are still probably quite a few infected machines out there. However, as the destructive payload will only activate when a machine is (re)booted on the 3rd of each month, the direct danger is gone, for now.
More than 24 hours have passed since the Nyxem.e activation date for this month and it's been pretty quiet. We have received a small amount of support calls regarding the worm, but they have mostly been from people wanting to know more, how to stay protected and how to make sure their systems are clean.
To this hour, there hasn't been a single call to report Nyxem.e damage in our US, UK, BNL and Russian support departments. Of course, with the nature of the payload, it may take a few days for some people to notice it, but we're confident that thanks to the major efforts from ISP's, universities and governmental institutions around the world, the situation is under control.
We'll continue to monitor how things are developing and post any updates on the situation.
Somewhere, deep inside Nyxem.e's 100K+ body, there is a dreaded block of 32 bytes. On the 3rd of every month, exactly 30 minutes after the infected system is started, Nyxem.e will use this block to overwrite all *.doc, *.xls, *.mdb, *.mde, *.ppt, *.pps, *.zip, *.rar, *.pdf, *.psd and *.dmp files on your disks.
Once this has happened, your 6MB presentation for the CEO, your vacation pictures and all the RAR and ZIP backups will look like this:
Or, in ASCII:
With the activation date drawing near, just make sure your system is not infected. Unlike GPCode, once the payload has hit, the chances of you getting your data back will be practically zero.
We've just issued an alert for Nyxem.e, due to the number of reports we've been receiving for the past few days but also because of its destructive payload which activates on 3rd of every month.
According to our data, the outbreak seems to be more or less localized. We are still receiving reports from countries such as the US and Germany, but the number of reports from (eg.) Russia is becoming very small.
With the public Nyxem.e counter having well passed 1,000,000 hits at the moment, there is no doubt that some people will have unpleasant surprises on 3rd of February. If you do not have an antivirus installed, you can use the Kaspersky free online scanner to check for a Nyxem.e infection before it's too late.