“CME-24,” “BlackWorm,” “Mywife.E” Virus

HUMM thumbnail
20th Anniversary Thumbnail Dazzler Thumbnail + 3
Posted: 19 years ago
#1

If you have computer files you'd rather not lose, now is a good time to make sure your anti-virus software is up to date A new worm out in the open promises to corrupt common file types such as ".doc," ".pdf," and ".zip."

In fact, thousands of machines are already believed to be infected, mostly in India, Peru, Turkey and Italy.

The worm, known as "CME-24," "BlackWorm," "Mywife.E" or a number of other monikers, even tries to disable anti-virus software that is out of date. Some variations refer to the ancient Kama***** in order to attract attention and convince victims to open.

The virus causes the keyboard and mouse to freeze up and then disables anti-virus programs when the computer is restarted, leaving a machine vulnerable to hacker attacks. The attack is scheduled to begin at midnight on February 3.

Users should be safe if they have the latest anti-virus software. They should also check the date on the computer. The worm hits the third of every month, so if the computer's local calendar settings are off, files may be destroyed sooner or later, even if the computer is never turned on Friday.

For a free Black Worm removal tool, visit www.quickheal.com

Via.: MumbaiMirror


My advice plz.. don't panic, nothing to worrry abt 😃😃😃 Chillax! Don't worry!, just make sure to update your anti-virus and download the patch and read my next posts.


Created

Last reply

Replies

17

Views

3.7k

Users

17

Frequent Posters

HUMM thumbnail
20th Anniversary Thumbnail Dazzler Thumbnail + 3
Posted: 19 years ago
#2
News

Black Worm Hits India hard.
January 30, 2006

It has been observed that the Black Worm also known as W32.Vb.i or W32.Nayem.E has been actively spreading in India since last two weeks now. It's a mass-mailing worm that also spread using remote shares. After a long gap there has been an outbreak kind of situation as this worm was successful in spreading all over the globe within few hours when it first appeared over the Internet. The reason why the worm was so successful in spreading all over is just because it spreads by creating a mime encoded compressed executable with a different extension (.HQX, .BHX), which didn't had any kind of header to classify the file. As a result the mail gateway scanners were not able to decode the attachment and scan the infected files. This is why the worm got skipped even though the mail severs have updated anti-virus scan engines. Many of the leading AntiVirus software's had to do some changes to their scan engine to make the scanners decode the file and scan for the infected attachment.

AntiVirus Quick Heal form India was the first anti-virus to detect this worm when it first hit the net according to the report generated and published by PC-Wallet Magazine, Germany. According to PC-Wallet, Germany the worm was first caught and detected on 16th January 2006 at 10:00 (GMT) by Quick Heal AntiVirus. For more details on outbreak response time of various other anti-virus software's world wide check at:

http://www.pcmag.com/article2/0,1895,1916880,00.asp

According to US based LURHQ the leading provider of Threat and Vulnerability Management services this worm has hit hard to countries like India, Italy and Peru with high number of infection rates. Among it India is the hardest hit country by far in terms of overall infection rate till today. Live statistics of infection rate per country can be found on their web site at http://www.lurhq.com/blackworm-stats.html

This worm attaches itself to e-mail messages as an executable file with various different names and occasionally this worm compresses itself by ZIP and encodes the compressed file by mime encoding and then attaches the encoded file to the e-mail messages.

The worm has several network spreading routines. One of them enumerates all available shares, then reads the values of the registry key where personal documents and recently opened files are stored. It copies itself to such folders by the file name with executable extension of the same name as the document in that folder. The worm also copies itself to network shares with the same name. This worm once active first tries to delete the popularly known international anti-virus folders (e.g. Norton AntiVirus, McAfee, Trend etc.)

This worm has a dangerous payload, it will delete all the documents, worksheets, presentations, database files and compressed backup files from the system on every 3rd day of the month. This is very serious payload considering that the worm has spread all over India and the first payload day of 3rd February is arriving very soon. We recommend all our users to have their AntiVirus updated, up and running. All the Quick Heal users are already protected from this worm from day one.

For computer users not having Quick Heal we have a special Black Worm removing tool freely available from our website http://www.quickheal.co.in/public/alerts/i-worm.VB_Bi .asp

JinK thumbnail
20th Anniversary Thumbnail Rocker Thumbnail + 4
Posted: 19 years ago
#3
Thanks Sunny 😃 Though I wouldn't open anything like that 🤢
Prestigious thumbnail
19th Anniversary Thumbnail Dazzler Thumbnail Fascinator 1 Thumbnail
Posted: 19 years ago
#4
Thanks for an update on that, Sunny. 😊
🤢 Wouldn't wanna open something like that anyway..
Serial_Addict thumbnail
19th Anniversary Thumbnail Navigator Thumbnail
Posted: 19 years ago
#5
Thnkz...
Tho I dont open stuff like that anywayz..
but sorta scary...hitz febuary 3rd.. 😕
kitty468 thumbnail
19th Anniversary Thumbnail Dazzler Thumbnail
Posted: 19 years ago
#6
😕 😕 i wont do anything like that but it seems scary.
*shikha* thumbnail
19th Anniversary Thumbnail Voyager Thumbnail Engager Level 1 Thumbnail
Posted: 19 years ago
#7
thx for the info, sunny 😊
2shweeet thumbnail
20th Anniversary Thumbnail Voyager Thumbnail + 2
Posted: 19 years ago
#8
lolszzz...this is scaring da crap outta me....lolz..j/k....anyways....ewww....would NEVER open sucH stufff!!! 🤢 Fnx foh the infoo! 😃 😉
albusdumbledore thumbnail
19th Anniversary Thumbnail Dazzler Thumbnail + 2
Posted: 19 years ago
#9

[quote=rutvik]afiajfoajflafkj [/quote]

[quote=rutvik]gfgghhhhfhf [/quote]

Dear Mods,

Please look into these posts by newbies just to gain posts..... such posts should be disallowed.....

BTW your article made interesting reading......thanks.... also as you summed it all up in the last line ..... JUST KEEP YOUR FIREWALL AND ANTIVIRUS UP2DATE n ALL WILL BE FINE....

regards,

tejas

simrat91 thumbnail
20th Anniversary Thumbnail Dazzler Thumbnail
Posted: 19 years ago
#10
thank u soo much 4 the info....there so many creepz n weirdos out there....

Related Topics

Top

Stay Connected with IndiaForums!

Be the first to know about the latest news, updates, and exclusive content.

Add to Home Screen!

Install this web app on your iPhone for the best experience. It's easy, just tap and then "Add to Home Screen".