Nyxem virus set to bite next week

Nyxem will erase important files from hundreds of thousands of infected PCs on 3 February and may also cause a traffic spike as it propagates itself

Businesses have been warned to brace themselves for a possible traffic spike next week caused by the Nyxem virus.

The Nyxem virus was first reported on 16 January. It is thought to have infected more than half a million PCs, and security vendor Ironport warned on Thursday that these machines are now hard-coded to propagate the virus on 3 February.

Companies will be unlikely to be directly affected if they are running up-to-date antivirus software because the major antivirus vendors have now released patches. But Ironport warned that firms could experience secondary effects as the virus tries to propagate itself by harvesting email addresses on an infected machine.

"The knock-on effects will come as compromised PCs try to communicate with businesses. This will cause additional email and network traffic, and possible slow down email response time," said Jason Steer, technical consultant at Ironport.

Security company F-Secure has reported that Nyxem.E reached the top position in its virus statistics with 21.7 percent of all reported infections. On Saturday the Web counter used by the Nyxem worm itself showed over 510,000 infections and continued to rise, according to F-Secure.

Once active, Nyxem will delete all Word, Excel, PowerPoint, and PDF file types from a compromised PC. The multi-faceted malware will also attempt to propagate itself both through email and as a network worm, which can be particularly damaging on closed networks.

"Nyxem is certainly malicious. It can be delivered via email, but also as a network worm. It probes other PCs on a closed network to compromise them and send itself to the other computers, to infect as many hosts as possible," said Steer.

The malware hides in attachment types not typically blocked by attachment filters, IronPort said.

The Internet community will not know the scale of the February attack until it occurs. "It depends on how many hosts are infected," said Steer. "At the moment it's just sitting there quietly, and we won't know how many home users have been infected until 3 February."

Businesses should warn their employees not to open suspicious emails, and to know what these emails may look like. "The subject lines may contain some references to pornography — fairly typical stuff," said Steer.

"Be vigilant. Update your antivirus patches, and make sure your hard-disk has been scanned to detect and remove the virus," he added.

Nyxem has the potential to cause havoc throughout the year, as infected PCs are set to activate on the third day of every month, unless they are cleaned up.