Thursday, February 2, 2006

Concerning the payload of Nyxem.E worm

Posted by Alexey @ 12:27 GMT

As we warned before, the payload of the Nyxem.E worm will activate tomorrow, on February 3rd, 2006, on all infected computers that have their clock set correctly.

We made a few additional tests with the worm in our test network environment. When the payload is activated, the worm enumerates all logical drives and damages files on them in a loop. So it should damage files on all drives that have a drive letter, including network drives. That's the theory. In practice, however, the worm failed to do so on network drives, at least in our test environment. Files on local and removable drives (including USB memory) were damaged by the payload.