About: Nyxem.E   Sponge Permalink

An Entity of Type : dbkwik:resource/uazuHg3wEfJ5Uid5iYR3Jw==, within Data Space : 134.155.108.49:8890 associated with source dataset(s)

Email-Worm.Win32.Nyxem.E is a worm that runs on Win32.

AttributesValues
rdf:type
rdfs:label
  • Nyxem.E
rdfs:comment
  • Email-Worm.Win32.Nyxem.E is a worm that runs on Win32.
  • Nyxem is a worm that spread in February 2003 written in Visual Basic with a very destructive payload. Most people are focused on the E variant. When the worm is first run, it drops a .zip file in the system directory and launches it in order to display an error message to distract the user. It also copies itself to the system directory under the following names: * New WinZip File.exe * scanregw.exe * Update.exe * Winzip.exe * WINZIP_TMP.exe In the Startup folder it copies itself as WinZip Quick Pick.exe. In the Windows folder it installs itself as rundll16.exe. with the text:
dcterms:subject
dbkwik:malware/pro...iPageUsesTemplate
Platform
  • Microsoft Windows
Name
  • Nyxem
Type
  • Email Worm
filetype
  • *Win32 PE executable
AKA
  • *Nyxem.e
Family
  • Nyxem
abstract
  • Nyxem is a worm that spread in February 2003 written in Visual Basic with a very destructive payload. Most people are focused on the E variant. When the worm is first run, it drops a .zip file in the system directory and launches it in order to display an error message to distract the user. It also copies itself to the system directory under the following names: * New WinZip File.exe * scanregw.exe * Update.exe * Winzip.exe * WINZIP_TMP.exe In the Startup folder it copies itself as WinZip Quick Pick.exe. In the Windows folder it installs itself as rundll16.exe. It uses the HKEY_LOCAL_MACHINE registry key to make sure it is run on startup. To spread through Email, the worm searches for files with the following extensions: * dbx * eml * htm * imh * mbx * msf * msg * nws * oft * txt * vc It mass-mails itself by connecting to the host's SMTP server. It also spreads through open network resources by copying itself as Winzip_TMP.exe The worm also makes an attempt to kill antivirus software. It uses the internet to download updates for itself, therefore it has a backdoor component. While doing the above, the worm disables mouse and keyboard input. A half hour after an infected computer is booted on the third of any month, the worm overwrites all files with the following extensions: * doc * xls * mdb * mde * ppt * pps * zip * rar * pdf * psd * dmp with the text: DATA Error [47 0F 94 93 F4 F5]
  • Email-Worm.Win32.Nyxem.E is a worm that runs on Win32.
Alternative Linked Data Views: ODE     Raw Data in: CXML | CSV | RDF ( N-Triples N3/Turtle JSON XML ) | OData ( Atom JSON ) | Microdata ( JSON HTML) | JSON-LD    About   
This material is Open Knowledge   W3C Semantic Web Technology [RDF Data] Valid XHTML + RDFa
OpenLink Virtuoso version 07.20.3217, on Linux (x86_64-pc-linux-gnu), Standard Edition
Data on this page belongs to its respective rights holders.
Virtuoso Faceted Browser Copyright © 2009-2012 OpenLink Software