Nyxem.E - email/network virus with destructive payload on 3rd day of month
There are now over 600,000 users who have been infected with this new virus. It contains a DESTRUCTIVE payload that will be executed on the 3rd day of the month.
Some of the email messages and attachments use inappropriate language, so this new destructive threat can be avoided: as a best practice, email and websites of this nature should always be avoided. Still, it is a "network walker" that can spread to PCs that openly share folders or hard drives, so a single copy of it inside an organization could be dangerous.
Nyxem.E - Information Storm Center - Latest Information
Nyxem.E - Information Storm Center - Contains several AV Vendor links
Nyxem.E - Fortinet provides an EXCELLENT analysis
File Deletion Dangers -- On the 3rd of the month it will attempt to delete a lot of documents off the user's disks, including Office documents (*.doc, *.xls, *.ppt, *.pps), PDF files, .zip and .rar archives among others.
ActiveX Dangers -- The code uses an ActiveX control to reference the file "WinZip_Tmp.exe". Additionally, the virus will modify the "desktop.ini" configuration file to point to an infectious "Temp.htt" HTML file to launch the virus. The virus is coded to register the dropped ActiveX control through changes to the system registry. By creating the following registry entries, the control is considered "safe" and digitally signed. Techniques like this will make worms much more dangerous in the future. If a worm puts a fake CA certificate on an infected machine, MITM attacks become extremely easy.
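Because one infected copy can reach every openly shared folder, a sweep of shares for the file-system traces named above helps scope an outbreak. The following is an added example, not code from the original write-up or from any vendor: it walks a directory tree and reports files named "WinZip_Tmp.exe" or "Temp.htt" and any "desktop.ini" whose content mentions "Temp.htt". The sample tree and the key name inside the sample desktop.ini are constructed for the demonstration.

```python
import os
import tempfile

# File names taken from the write-up above; matched case-insensitively.
DROPPED_NAMES = {"winzip_tmp.exe", "temp.htt"}
INI_REFERENCE = "temp.htt"

def read_ini_text(path):
    """desktop.ini may be ANSI or UTF-16 with a BOM; decode either."""
    with open(path, "rb") as fh:
        raw = fh.read(64 * 1024)  # desktop.ini is small; cap the read
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("latin-1")

def scan_tree(root):
    """Return sorted (finding, path) tuples for every indicator under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower() in DROPPED_NAMES:
                findings.append(("dropped-file", full))
            elif name.lower() == "desktop.ini":
                if INI_REFERENCE in read_ini_text(full).lower():
                    findings.append(("desktop.ini-references-temp.htt", full))
    return sorted(findings)

def build_sample_share(base):
    """Constructed sample tree: one clean folder, one showing the indicators."""
    clean, hit = os.path.join(base, "clean"), os.path.join(base, "shared")
    os.makedirs(clean)
    os.makedirs(hit)
    with open(os.path.join(clean, "desktop.ini"), "w") as fh:
        fh.write("[.ShellClassInfo]\nInfoTip=Team documents\n")
    # Constructed content: the key name is made up, only the Temp.htt reference matters.
    with open(os.path.join(hit, "desktop.ini"), "wb") as fh:
        fh.write("[Example]\r\nTemplate=Temp.htt\r\n".encode("utf-16"))
    for name in ("Temp.htt", "WinZip_Tmp.exe"):
        open(os.path.join(hit, name), "wb").close()
    return hit

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_share(tmp)
        for kind, path in scan_tree(tmp):
            print(kind, path)
```

A name match is only a lead for triage; confirm any hit with an up-to-date antivirus scan before treating the machine as infected or clean.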