When reports of this “worm” (and the word should be used loosely) came out, it was impacting over 700,000 computers because there was a counter on the site… well, now it comes out that there was a script running to up the count… so it’s not 700,000, but more like 300,000.
Incidents.org has a write-up on it… and on a listserv someone made a valid point: this takes a “click” to infect… so why is it being called a worm?
In the “Weekly Assessment” sent out last Friday, we provided our members with information regarding the W32.Blackmal.E@mm (Symantec) worm. This worm is expected to delete certain files from infected systems on the third of each month – starting on February 3rd. As there has been some confusion surrounding the various naming conventions for this worm, we would like to note that the Common Malware Enumeration (CME) group has assigned it the following ID: CME-24. Some of the naming conventions associated with CME-24 are Win32/Blackmal.F (Computer Associates), Nyxem.E (F-Secure), Email-Worm.Win32.Nyxem.e (Kaspersky), W32/MyWife.d@MM (McAfee), and WORM_GREW.A (TrendMicro). The majority of the antivirus vendors are rating this worm a “Low”. We continue to recommend that our members review the publications supporting their AV solution, ensuring that the current protection updates against this threat are applied.
More info on the malware blog…
It’s been called a worm, because it’s easier for users to blame Microsoft than to take a look at their own risky behaviour, and because you can sell more ‘newspapers’ by demonising a single entity than you can by telling your readers that they may have done something dumb.