Blackworm Virus Alert…

Over the last week, “Blackworm” infected about 300,000 systems. It is so far known as Blackmal, Nyxem, MyWife, Tearec among other names. This worm is different and more serious than other worms for a number of reasons. In particular, it will overwrite a user’s files on February 3rd and then the 3rd day of every month.

At this point, the worm will be detected by up-to-date antivirus signatures. To protect yourself from data loss on February 3rd, you should use current (Jan 23rd or later) antivirus signatures. Note, however, that this malware attempts to disable/remove any antivirus software on the system (and does this every hour while the system is up), so if the machine was infected before signatures were deployed, obviously, that antivirus software can’t be expected to clean up the infection for you.

The worm spreads via e-mail attachments or file shares. Once a system in your network is infected, it will try to infect all shared file systems it has access to. You may see a new “zip file” icon on your desktop. It will disable most antivirus products and delete them. The worm will e-mail itself using various extensions and file names. It will add itself to the list of auto-start programs in your registry.

For more and up-to-date information on the virus, please visit Internet Storm Center.

Please tell as many people as you could about this virus, so their computers does not get infected by this virus…


  1. James Bright said,

    January 30, 2006 at 2:31 am

    That is very frightening!
    Can we get infected even if we have norton or such kind of anti virus protections?

  2. silverine said,

    January 30, 2006 at 7:10 am

    Thanks for the info. I have sent it out to all my friends.

  3. Alexis Leon said,

    January 30, 2006 at 9:54 am

    James: If your antivirus signature file is current (23rd Jan or later), then the antivirus will catch the virus. But if have not updated the antivirus recently, the I suggest, updating the antivirus program and scan the harddisk. Also don’t open any suspecious attachments (with extension like .pif) even if it is from a trusted source. The Internet Storm Center, that I mentioned gives a link to a Microsoft article, which tells how to detect an infection and what to do to remove the virus and protect your computer and data.

    Silverine: Thank you very much. I got the information from an old friend and co-author (a Prof. at Baylor University, USA), who is a part of the Crisis Emergency Response Team there. Since we don’t have any such agency, he wanted the names of ISPs, organizations, media, etc. and also wanted to spread the word through informal channels.

  4. anu said,

    January 30, 2006 at 2:10 pm


  5. James Bright said,

    January 30, 2006 at 11:51 pm

    see this link..!

  6. -poison- said,

    February 1, 2006 at 3:21 pm

    i am going to do a scan now…good thing tht i read this b4 feb 3..thanks

  7. -poison- said,

    February 1, 2006 at 8:53 pm

    🙂 i am not infected!

  8. Katey said,

    March 9, 2006 at 7:24 pm

    I have done a full scan using my antivirus program and it has found nothing, yet my internet browser is acting funny and I keep getting this message that says I need to download this scan thing because my computer has the blackworm virus…is it for real?

  9. Alexis Leon said,

    March 9, 2006 at 9:41 pm

    Katey: If you have scanned your machine using an up-to-date antivirus program, and if it says not infected, then it most probably is not infected. The messages you get on your browser saying “Your computer is at risk” and so on are just annoying pop-ups. EIther stop visiting such sites or block the pop-ups. Go and check any of the links mentioned above and you will get specific filenames that the virus installs on your machine. You can search for those filenames, just to make sure that the machine is not infected.

  10. Kassy said,

    March 27, 2006 at 3:36 am

    Katey, I’ve gotten that popup before too. DO NOT DOWNLOAD OR PAY FOR THAT SOFTWARE! I did not pay for the software, but I did download it and when I did, my AdAware program found 74 new items of spyware. I don’t know what happens when you pay, but I wouldn’t recommend giving them a credit card number.