Anyone get hit by the Nyxem/Blackmal worm?

JDMurray

Anyone get zapped by this worm today? It was suppose to activate today (Feb 3rd) and overwrite specific files on computers it had infected, which was an estimated 700K machines worldwide. I was wondering if anyone here was hit.

http://isc.sans.org/diary.php?storyid=1067

RussS

Nope - all of my clients are clean as far as we can tell.

I did however have a lot of fun yesterday with CA EZ-Antivirus being deactivated on several clients machines. Apparently the updates CA posted overnight (2nd NZ time) were corrupted and turned off automatic protection. They appear to have recognised this and replaced the definition file however they used the same string number and that did not allow machines to fix themselves by downloading the newer version
The quick fix was to uninstall and reinstall. CA thought that when the next update came out it would automatically solve the issue but I have a problem with leaving my clients defenceless for the time it took for CA to sort the issue.

crap I forgot my old pwd

none yet! lets keep it that way!

Ricka182

I'm good so far!

TeKniques

We had none as well.

Trailerisf

Nope, but I did make quite a bit of cash working late into the hours on Thursday night verifying all my clients were secure.

I love media hype. Even the computer illiterate were asking to have me come by just to make sure.

Money well spent in their minds for peace of mind.

matts5074

All 3 of mine here are clean.

TURTLEGIRL

All clear here, nothing so far. I also heard of one being activated on the 14 feb.

Chivalry1

All of my clients are clean. I watched for unsuspected activity on all of my work stations. I must agree that the extra hours on Thursday was not bad.