Download Utility
The Blackworm virus is also known as Nyxem, Blackmal, Hunchi, Mywife or Blueworm. It's interesting that so many Anti-Virus vendors chose to use "worm" as part of the name considering it's not a worm at all. This virus spreads in a .SCR (Windows screensaver) or .COM (command) file attached to an email with a subject that leads the computer user to believe there will be either adult content or a fix for Blackworm attached. In the case of the adult content ruse, the name of the attachment is one of about a dozen that at a quick glance may appear to be video files bearing the extension MPEG, with underscores at the end of the file name in an attempt to hide the real .SCR extension. Another type of email sent by the virus looks like a very official notice from Norton AntiVirus informing you that one or more of your friends has been infected with the Blackworm virus. The email will have FIX_BLACKWORM.COM attached, either directly or inside SCAN.ZIP or SCAN.TGZ. The attachment names used in the adult-content emails are:
17Ag_double_s*ck__part[2].MPEG_.scr
April_FromTexas.MPEG_.scr
Video_briefcase_Group[13].MPEG_.scr
Julia_1997_F*cking.MPEG_.scr
juanita_in_the_kitchen.MPEG.scr
After_2AM_small_room[4].MPEG__.scr
Graham_Hilton_Sex[4].MPEG__.scr
WebCam_12girls_A**.mpeg_.scr
Shakira_A*al_very_old.MPEG.scr
why_f*ck_a*al_back.MPEG.scr
open_girl_21year.MPEG.scr
Ricky_Gay_a**.MPEG______________.scr
GrahamCluley_freakin_A**_.MPEG__.scr
Sexual_Crimes.MPEG____.scr
As expected, the subject of the email isn't much of a variation from the file name: the subjects try to evoke the suggestion that pornography will be displayed within without actually tripping most spam filters, or simply say "Fw: Virus Alert". The body of the message is also semi-random and can be made up of several different strings, generally dealing with adult content or the fake notice from Norton. Subjects seen include:
FW: (-S*cking-)
FW: File - WebCam.mpeg
FW: **Hot Movie**
Re: Why? Form Back.mpg
FW:RE: Least *21* Years
Re: Double s*ck (movie
FW:Re:Hot Erotic
very hot XXX
Video Clip
RE: FW: Women Mpeg
A**ses Mpeg's
FW: Lesbian & gays Mpeg
Fw: My Funny A**
<<~SEX~>> TeenRapers.mov
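A mail-gateway check for the naming trick described above (a media-looking extension padded with underscores in front of the real .SCR, or the .COM fix inside SCAN.ZIP), written here as an added example and not code from the original page; it assumes the gateway hands it attachment names and the raw bytes of ZIP attachments, and the sample ZIP it builds is constructed and harmless.

```python
import io
import zipfile

# Extensions Windows runs on double-click; .SCR and .COM are the two this virus uses.
EXECUTABLE_EXTENSIONS = {"scr", "com", "exe", "pif", "bat", "cmd"}
MEDIA_EXTENSIONS = {"mpeg", "mpg", "mov", "avi", "wmv"}  # what the lure wants you to see

def _parts(filename):
    """Split on dots, lower-case, and strip the padding underscores: 'a.MPEG___.scr' -> ['a', 'mpeg', 'scr']."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    return [p.strip("_").lower() for p in base.split(".")]

def true_extension(filename):
    """The extension Windows actually honours: whatever follows the last dot."""
    parts = _parts(filename)
    return parts[-1] if len(parts) > 1 else ""

def disguised_extension(filename):
    """A media-looking extension placed before the real one, or '' if none."""
    for part in _parts(filename)[1:-1]:
        if part in MEDIA_EXTENSIONS:
            return part
    return ""

def classify_attachment(filename):
    """Gateway verdict for one attachment name."""
    ext = true_extension(filename)
    if ext in EXECUTABLE_EXTENSIONS:
        if disguised_extension(filename):
            return "block: executable disguised as media"
        return "block: executable attachment"
    if ext == "zip":
        return "inspect archive"  # the fake Norton fix ships inside SCAN.ZIP
    return "allow"

def classify_zip(data):
    """Apply the same rule to every member of a ZIP attachment (TGZ is omitted here)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for member in zf.namelist():
            verdict = classify_attachment(member)
            if verdict.startswith("block"):
                return f"{verdict} ({member})"
    return "allow"

def make_sample_zip():
    """Constructed sample: SCAN.ZIP holding a harmless text file named FIX_BLACKWORM.COM."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("FIX_BLACKWORM.COM", "placeholder text, not a program")
    return buf.getvalue()
```

The check looks only at names, so it complements rather than replaces signature scanning; a renamed .SCR inside a TGZ would need the same loop written with tarfile.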
Once the virus has been installed by a user double-clicking the attached file in hopes of viewing the video or cleaning his system, a window saying "Error loading mouse The specificed module could not be found." with only an OK button will appear. The virus quickly copies itself into several places all over the hard drive, including inside ZIP and TGZ archives in the \Windows system folder. Two startup keys are added to the registry to silently start the virus each and every time Windows is started.
The wormiest part of this "worm" is how it spreads once it has infected your PC. Email addresses are collected from .HTM and .DBX files, and from your Yahoo! Messenger profile, if you have one. It also has the ability to spread to open network shares by copying itself to the hard drive of another machine on your LAN, but the user still has to willfully execute the file on that machine for the infection to actually take place.
As if all this wasn't bad enough, the worm also tries to delete the executable files of several well-known Anti-Virus programs such as Norton, McAfee, and Trend Micro. And when it's not trashing all of your DOC, XLS, MDE, MDB, PPT, PPS, RAR, PDF, PSD, DMP, and ZIP files, the virus is also trying to knock a couple of sites off the internet by flooding them with traffic, saturating your internet connection in the process.
The suspected activation date, when the virus will actually delete your documents, is said to be the 3rd of every month, so the next date to watch out for is Feb 3rd. Make sure you've done a complete virus scan before then, with updated detection rules, and don't open any strange and unexpected attachments from anyone, not even people you know. The virus has been programmed not just to delete files with those extensions, but to replace them with blank files using the same name, so even your backups might become worthless. To throw gas on the fire, it also does this to every drive letter attached to your system, including network drives if you have the access.
In an effort to reserve more RAM and processor time for itself, Blackworm also deletes the startup keys for several programs, including many other viruses and worms. The startup entries it removes are:
NPROTECT
ccApp
ScriptBlocking
MCUpdateExe
VirusScan Online
MCAgentExe
VSOCheckTask
McRegWiz
McVsRte
PCClient.exe
PCCIOMON.exe
pccguide.exe
PccPfw
PCCIOMON.exe
tmproxy
McAfeeVirusScanService
NAV Agent
PCCClient.exe
SSDPSRV
Taskmon
KasperskyAv
system.
msgsvr32
Windows Services Host
Explorer
Sentry
ssate.exe
winupd.exe
au.exe
OLE
Most email servers, including those here at Sevenpoint.net, screen for files with the .SCR and .COM extension and generally refuse to allow them passage.
If you suspect that you might be infected with Blackworm, please visit this site to download a utility that can help you clean your system.
www.f-secure.com