[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Friday, 3 February 2006, 18:04 GMT
'Limited' damage from Nyxem virus
Spread of Nyxem-E infections, F-Secure
Nyxem-E caught out PC users all over the world
Early reports suggest damage has been light from the destructive Nyxem virus.

The Windows virus was set to start deleting popular file types on 3 February and was known to have infected more than 300,000 machines.

But computer security groups in nations where Nyxem infections were high said few users lost data because of the bug.

Experts speculated that the publicity prior to Nyxem's trigger date may have prompted people to clean up machines and prepare defences.

Lost files

Computer security companies have been sounding the alarm about Nyxem-E since 16 January when the virus first appeared. Nyxem-E is also known as Blackworm, MyWife, Kama Sutra, Grew and CME-24.

Since then anti-virus and mail filtering firms have caught millions of copies of the bug which is a variant of a malicious program that debuted in March 2004.

Unlike many more recent viruses, Nyxem-E is destructive and is timed to delete files in 11 popular formats it found on infected machines. A timer inside the malicious program set it to start deleting on the third of every month.

DMP - Oracle files
DOC - Word document
MDB - Microsoft Access
MDE - Microsoft Access/Office
PDF - Adobe Acrobat
PPS - PowerPoint slideshow
PPT - PowerPoint
PSD - Photoshop
RAR - Compressed archive
XLS - Excel spreadsheet
ZIP - Compressed file
But as the early hours of 3 February unrolled, national computer security organisations reported few problems. Security firm Network Box said as the day progressed it was catching fewer and fewer copies of the bug.

Security researchers had a very good idea of where the infections were concentrated because every compromised PC reported in to a website associated with the virus. In total more than 300,000 computers reported they had been infected.

According to early analysis of the statistics, infections were highest in India, Peru and Italy. Later work suggested Malaysia too could be hard hit.

One of the few reports of damage came from Milan's city government which shut down its computer network to clean up the infection.

But the Indian chapter of the Computer Emergency Response Team said it was getting a lot of calls for information about Nyxem-E but no-one was reporting data losses.

Similarly, computer security workers in Australia, Hong Kong and Japan said damage was light to non-existent.

Speaking on Friday afternoon, Itsuro Nishimoto, an executive at Tokyo-based computer security company LAC Corp, said: "It's well past the deadline but we haven't confirmed any cases of the Kama Sutra in Japan, which suggests we're not looking at a major outbreak."

Similar reports came from Hong Kong.

"Our assessment of the worm damage is 'not serious'," said Roy Ko from Hong Kong's national computer security co-ordination centre.

1) India - 37%
2) Malaysia - 23%
3) Indonesia - 9%
4) Thailand - 5%
5) Philippines - 4%
6) United Arab Emirates - 3%
7) Singapore - 3%
8) United States - 2%
9) Peru - 2%
10) Sri Lanka - 1%
Source: Network Box
He added: "Big corporations will surely be able to avoid it if they update their anti-virus software frequently enough. We're more worried about individual users and small businesses."

Analysis by mail filtering firm MessageLabs suggested that the number of infected machines pumping out copies of the virus had fallen to about 20,000 from the earlier high.

MessageLabs said the publicity surrounding the worm had led many to clean up computers prior to the trigger date. Its figures suggested that more than 11,000 computers were getting disinfected every day during the last week.

The virus is thought to have racked up a significant amount of victims because it falsely promised pornographic pictures and movies to those that opened attachments on e-mail messages it used to travel in.

Some of these messages managed to slip through defences because they were disguised as unusual types not typically associated with viruses.

Anti-virus companies urged people to update their security software and to use removal tools if they were unlucky enough to fall victim to the bug.

What to do if you want to avoid the virus

Countdown for Windows virus
30 Jan 06 |  Technology
Close e-crime 'doors' firms told
25 Jan 06 |  North East Wales
New year brings fresh security fears
27 Jan 06 |  Technology
PC viruses hit 20 year milestone
20 Jan 06 |  Technology
Zombie PCs target vulnerable sites
19 Jan 06 |  Technology
Microsoft rushes out Windows fix
06 Jan 06 |  Technology


The BBC is not responsible for the content of external internet sites


Americas Africa Europe Middle East South Asia Asia Pacific