The mass-mailing Blackmal.E virus has spread to more than 300,000 machines, far less than the 9 million hits indicated by a Web counter used by the program, according to an analysis of the data retrieved from the affected Internet service provider.
The virus, also known as BlackWorm and Nyxem.E, has spread most successfully in India, Turkey and Italy, according to an analysis performed by security firm Lurhq. The virus uses a Web counter to keep track of the number of infections, but the data has been polluted by attacks from one or more bot network operators, the firm said. While the counter currently stands at over 9 million hits, only about 300,000 events can be attributed to infected computers, the firm said.
"Even so, 300,000 infected users worldwide is not a terribly large amount when compared to previous worms like Sober or MyDoom," Lurhq stated in its analysis. "However, with this worm it isn't the quantity of infected users, it is the destructive payload which is most concerning."
Computers that remain infected on February 3 will have eleven types of data deleted from the hard drive, including any Word, Excel, PowerPoint or PDF documents. However, a similar threat posed by the Sober virus, which was supposed to download additional functionality on January 5, largely failed to happen. Because the Blackmal virus does not rely on external Web sites, however, it's unlikely that it will be as easily hobbled.
Posted by: Robert Lemos