F-Secure said the Nyxem.e worm accounts for about 7 percent of all intercepted viruses in the past 24 hours. The worm arrives as an attachment to email messages with a variety of subject headlines, including "Arab sex," "give me a kiss," "Hot Movie," and "F****** Kama Sutra pics."
The new worm carries code that instructs computers to replace data in files with .doc, .xls, .mdb, .mde, .ppt, .pps, .zip, .rar, .pdf, .psd, or .dmp extensions with the useless string "DATA Error [47 0F 94 93 F4 K5]" on the third of the month.
This list includes the native document formats for Microsoft Word, Excel, PowerPoint, and Access, as well as for Adobe PhotoShop and Acrobat. F-Secure added that Nyxem.e is similar to the VB.bi/Blackmal/MyWife.d worm that climbed the charts earlier this week.
It also tries to delete selected security software and can spread through shared folders by hijacking addresses from infected PCs.
F-Secure raised its alert level on Nyxem.e to "2," the first time the Helsinki-based anti-virus company has used that high a warning since December's Windows Metafile vulnerability broke into the news.
