English
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1
Latest posting
By rating
By popularity

02 Mar Nyxem alert status raised David

06 Feb Nyxem.e status to green Roel

03 Feb Surviving Nyxem.e Costin Raiu

01 Feb Nyxem.e's dreaded 32 bytes Costin Raiu

25 Jan Watch out for Nyxem.e Costin Raiu

Join our blog

You can contribute to our blog if you have +100 points. Comment on articles and blogposts, and other users will rate your comments. You receive points for positive ratings.

Virus Watch|Nyxem alert status raised

David
Kaspersky Lab Expert
Posted March 02, 14:02  GMT
Tags: Nyxem
0
 

We're raising the alert status on Nyxem.e from green to orange. This is not based on any sudden upsurge in infections. Rather, it's because we're approaching the trigger date for the worm's destructive payload: you may recall that it erases data on the 3rd of every month. Treat this as a friendly reminder, and check that your anti-virus protection is up to date.

Comment      Link

Virus Watch|Nyxem.e status to green

Roel
Kaspersky Lab Expert
Posted February 06, 11:50  GMT
Tags: Nyxem
0
 

We have decided to change the alert for Nyxem.e from red (severe risk) to green (informational).

There are still probably quite a few infected machines out there. However, as the destructive payload will only activate when a machine is (re)booted on the 3rd of each month, the direct danger is gone, for now.

Comment      Link

Virus Watch|Surviving Nyxem.e

Costin Raiu
Kaspersky Lab Expert
Posted February 03, 15:49  GMT
Tags: Nyxem
0
 

More than 24 hours have passed since the Nyxem.e activation date for this month and it's been pretty quiet. We have received a small amount of support calls regarding the worm, but they have mostly been from people wanting to know more, how to stay protected and how to make sure their systems are clean.

To this hour, there hasn't been a single call to report Nyxem.e damage in our US, UK, BNL and Russian support departments. Of course, with the nature of the payload, it may take a few days for some people to notice it, but we're confident that thanks to the major efforts from ISP's, universities and governmental institutions around the world, the situation is under control.

We'll continue to monitor how things are developing and post any updates on the situation.

Comment      Link

Virus Watch|Nyxem.e's dreaded 32 bytes

Costin Raiu
Kaspersky Lab Expert
Posted February 01, 12:30  GMT
Tags: Nyxem
0
 

Somewhere, deep inside Nyxem.e's 100K+ body, there is a dreaded block of 32 bytes. On the 3rd of every month, exactly 30 minutes after the infected system is started, Nyxem.e will use this block to overwrite all *.doc, *.xls, *.mdb, *.mde, *.ppt, *.pps, *.zip, *.rar, *.pdf, *.psd and *.dmp files on your disks.

Once this has happened, your 6MB presentation for the CEO, your vacation pictures and all the RAR and ZIP backups will look like this:

Or, in ASCII:

With the activation date drawing near, just make sure your system is not infected. Unlike GPCode, once the payload has hit, the chances of you getting your data back will be practically zero.

Comment      Link

Virus Watch|Watch out for Nyxem.e

Costin Raiu
Kaspersky Lab Expert
Posted January 25, 12:04  GMT
Tags: Nyxem
0
 

We've just issued an alert for Nyxem.e, due to the number of reports we've been receiving for the past few days but also because of its destructive payload which activates on 3rd of every month.

According to our data, the outbreak seems to be more or less localized. We are still receiving reports from countries such as the US and Germany, but the number of reports from (eg.) Russia is becoming very small.

With the public Nyxem.e counter having well passed 1,000,000 hits at the moment, there is no doubt that some people will have unpleasant surprises on 3rd of February. If you do not have an antivirus installed, you can use the Kaspersky free online scanner to check for a Nyxem.e infection before it's too late.

Comment      Link