Also Known As: Mywife, Hunchi, I-Worm.Nyxem, Blackmal, Nyxem, Blueworm
Blackworm worm was first virus of 3 found on 20 January, 2006. The worm spreads in e-mails using an external SMTP engine. It sends itself with different subjects, body text and attachment names. The worm also copies itself multiple times to an infected hard drive with similar name as windows files in order to be hidden. Blackworm is designed to corrupt data on infected computers on every 3rd day of each month, in respect to The Day the Music Died. After corrupting the data of the computer it visits a webpage with tracking code, so it can be counted how many Systems has beeninfected, and over 300,000 unique IPs visited that site.
The most scary thing in this worm is, It can deletes your antivirus programs if they are installed in the same directories as the ones specified in the worm’s code. It can also delete the entries in the Windows Registry belonging to these antivirus programs,so antivirus applications will not be run automatically the next time Windows is started.
The worm also contains one GIF file which is used to make a recipient of infected e-mails think that the message was scanned by Norton Anti-Virus and no infection was found.
But its havoc ended soon and it gone off the records after October 26.
Blackworm worm was first virus of 3 found on 20 January, 2006. The worm spreads in e-mails using an external SMTP engine. It sends itself with different subjects, body text and attachment names. The worm also copies itself multiple times to an infected hard drive with similar name as windows files in order to be hidden. Blackworm is designed to corrupt data on infected computers on every 3rd day of each month, in respect to The Day the Music Died. After corrupting the data of the computer it visits a webpage with tracking code, so it can be counted how many Systems has beeninfected, and over 300,000 unique IPs visited that site.
The most scary thing in this worm is, It can deletes your antivirus programs if they are installed in the same directories as the ones specified in the worm’s code. It can also delete the entries in the Windows Registry belonging to these antivirus programs,so antivirus applications will not be run automatically the next time Windows is started.
The worm also contains one GIF file which is used to make a recipient of infected e-mails think that the message was scanned by Norton Anti-Virus and no infection was found.
But its havoc ended soon and it gone off the records after October 26.