The destructive deadline of the Nyxem.E worm is based on the clock of the infected machine. So if you’re infected and your clock is not set right, things could start to happen at any time – even though the official activation time is the 3rd of the month. F secure have already received first reports from users who’ve had files on their system overwritten by the worm.
When Nyxem activates, it will overwrite all of your DOC/XLS/PPT/ZIP/RAR/PDF/MDB files. This is nasty, as this is done on all mounted drives, ie. any drive that has a drive letter. So it might affect your USB thumb drives, external hard drives and network drives! Also, if you’re taking daily automatic backups you might end up backing up the corrupted files over good files.
The number of machines that have been hit by this worm is over 300,000. Many of those have been disinfected already, though. But thousands of computers will get their files overwritten on February 3rd – most of them in India, Turkey and Peru.
This worm family has been around since March 2004. The worm is named “Nyxem” because the original Nyxem.A variant launched a DDoS attack against the New York Mercantile Exchange website (www.nymex.com). We don’t know why.