Antivirus vendors are warning of a rapidly spreading worm that is carrying a potentially destructive set of instructions. Nyxem – also nicknamed the Kama Sutra worm – is programmed to overwrite all the files on computers it infects on 3 February, said Mikko Hypponen, chief research officer at F-Secure.
F-Secure researchers found the worm truncates files to 20 bytes and causes an error message when one is opened, he said.
"We are expecting to see problems in two weeks' time," Hypponen said.
The worm appears to be programmed to overwrite all files on the third day of every month, Hypponen said. So far, there's no indication where the Nyxem worm originated.
While most antivirus vendors have issued updates for their software, Nyxem is spreading quickly, and its creators have posted a counter on a website that records new infections. According to F-Secure's security blog, the counter was showing around 510,000 infections as of Sunday night.
Nyxem infections may be rising because it is taking advantage of computers that have already had their antivirus software disabled by another virus such as Bagle, Hypponen said.
The worm, which is spread through email, uses a dated technique to entice users by promising pornography, said Graham Cluley, senior technology consultant at Sophos. Nyxem lacks the sophistication of recent Trojan Horse-style viruses that are more targeted and less prevalent in order to evade detection, Cluley said.
Nonetheless, users appear to be clicking, and the worm was accounting for about 35 percent of virus traffic as of this morning, he said.
"It's a bit of a throwback to an old trick," Cluley said.
The worm harvests email addresses and then sends itself out again. The email subject line may contain text that says 'Miss Lebanon 2006' or 'School girl fantasies gone bad', according to Sophos.