Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Nyxem.E - email/network virus with destructive payload on 3rd day of month

There are now over 600,000 users who have been infected with this new virus. It contains a DESTRUCTIVE payload that will be executed on the 3rd day of the month.

Some of the email messages and attachments use inappropriate language, so this new destructive threat can be avoided by not opening them. As a best practice, email and websites of this nature should always be avoided. Still, it is a "network walker" and can spread to PCs that openly share folders or hard drives, so a single copy inside an organization could be dangerous.

Nyxem.E - Information Storm Center - Latest Information

Nyxem.E - Information Storm Center - Contains several AV Vendor links

Nyxem.E - Fortinet provides an EXCELLENT analysis

File Deletion Dangers -- On the 3rd of the month it will attempt to delete a large number of documents from the user's disks, including Office documents (*.doc, *.xls, *.ppt, *.pps), PDF files, and .zip and .rar archives, among others.

HTT File Modification -- The virus modifies the Desktop.htt configuration file, which controls how Active Desktop is displayed to the user. The change launches a copy of the virus as C:\WinZip_Tmp.exe whenever Windows loads the Active Desktop (at Windows start-up). The virus does this by appending JavaScript code to Desktop.htt.

ActiveX Dangers -- The code uses an ActiveX control to reference the file "WinZip_Tmp.exe". Additionally, the virus modifies the "desktop.ini" configuration file to point to an infectious "Temp.htt" HTML file that launches the virus. The virus is coded to register the dropped ActiveX control through changes to the system registry. By creating the following registry entries, the control is considered "safe" and digitally signed. The threat of worms like this will make them much more dangerous in the future. If a worm puts a fake CA certificate on an infected machine, MITM attacks become extremely easy.
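The persistence artefacts described above (the dropped C:\WinZip_Tmp.exe, the script appended to Desktop.htt, and desktop.ini redirected to Temp.htt) can be checked for on a host. The following is an added example, not code from the original post or from any AV vendor; the file names come from the post, and the sample file contents are constructed for illustration. It does not check the registry entries, since the post does not list them.

```python
# Added example (not from the original post): checks a host for the Nyxem.E
# persistence artefacts the post names. Sample contents below are constructed.
import os
# File names from the post; compared case-insensitively (Windows file systems are).
DROPPED_EXE = "winzip_tmp.exe"   # dropped at C:\WinZip_Tmp.exe
ACTIVE_DESKTOP = "desktop.htt"   # Active Desktop template the virus appends script to
INI_FILE = "desktop.ini"         # redirected to the rogue template
ROGUE_HTT = "temp.htt"
WATCHED = {DROPPED_EXE, ACTIVE_DESKTOP, INI_FILE, ROGUE_HTT}

def find_indicators(entries):
    """entries: {relative_path: text or None}. Returns a list of findings."""
    findings = []
    for path, content in entries.items():
        name = os.path.basename(path).lower()
        text = (content or "").lower()
        if name == DROPPED_EXE:
            findings.append(f"dropped executable present: {path}")
        elif name == ACTIVE_DESKTOP and (DROPPED_EXE in text or "<script" in text):
            findings.append(f"Active Desktop template runs a script: {path}")
        elif name == INI_FILE and ROGUE_HTT in text:
            findings.append(f"desktop.ini points at rogue template: {path}")
        elif name == ROGUE_HTT:
            findings.append(f"rogue HTML template present: {path}")
    return findings

def scan_directory(root):
    """Walk a real directory tree (e.g. a mounted C: drive) and report findings."""
    entries = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower() not in WATCHED:
                continue
            full = os.path.join(dirpath, fname)
            try:
                with open(full, encoding="latin-1") as fh:  # binary-safe read
                    entries[os.path.relpath(full, root)] = fh.read()
            except OSError:
                entries[os.path.relpath(full, root)] = None
    return find_indicators(entries)

# Constructed samples: a clean host and one carrying the artefacts.
CLEAN_HOST = {"Windows/Web/Desktop.htt": "<html><body>My Active Desktop</body></html>",
              "Users/me/desktop.ini": "[.ShellClassInfo]\r\nIconResource=shell32.dll,3\r\n"}
INFECTED_HOST = {**CLEAN_HOST,
    "WinZip_Tmp.exe": None,
    "Windows/Web/Desktop.htt": "<html></html><script>/* launches C:\\WinZip_Tmp.exe */</script>",
    "Users/me/desktop.ini": "[.ShellClassInfo]\r\nPersistMoniker=file://Temp.htt\r\n"}
```

Run `scan_directory("/mnt/c")` (or similar) against a mounted drive to apply the same checks to a real file system.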