A mass-mailing computer virus that is coded to delete files on February 3 may have spread to more than 500,000 servers, if evidence from a Web counter can be trusted.
Known as the Blackmal.E or Nyxem.E virus, the program travels as an attachment to e-mail messages with suggestive subject lines such as "School girl fantasies gone bad" and "Re: Sex Video". The virus will completely compromise systems whose users open the attachment, attempting to disable security software and making extensive changes to the registry.
The virus will increment a Web counter hosted at Internet service provider RCN. The counter, which can be accessed via a Web address, surpassed 500,000 this weekend, according to antivirus firm F-Secure. The counter may not be accurate, as it could have started above zero and logs any browser that also goes to the Web address, counting observers as well as compromised PCs in a sort of Heisenberg's Uncertainty Principle for the Internet.
The number falls short of the largest documented infection to date--the MSBlast, or Blaster, worm--which spread to at least 25 million computers, according to data gathered by Microsoft.
Computers that remain infected on February 3 will have eleven types of data deleted from the hard drive, including any Word, Excel, PowerPoint or PDF documents. However, a similar threat posed by the Sober virus, which was supposed to download additional functionality on January 5, largely failed to happen. Because the Blackmal virus does not rely on external Web sites, however, it's unlikely that it will be as easily hobbled.
Posted by: Robert Lemos