When run on a Windows PC, the worm copies itself to shared network locations and sends itself to e-mail addresses found on the target computer. The pest includes a timed attack that attempts to disable antivirus and firewall software and delete certain files, including Office documents, on the third day of the month, according to antivirus software vendor F-Secure.
The worm, dubbed W32/Nyxem-E by F-Secure, arrives attached to an e-mail message. It uses a variety of subject lines, including "School girl fantasies gone bad." The body text also varies, but it can include references to the Kama Sutra, the ancient Sanskrit book with pictures and explanations about different sexual positions. The worm executes when the user opens the attachment.
"This worm feeds on people's willingness to receive salacious content on their desktop computer," Graham Cluley, senior technology consultant for antivirus vendor Sophos, said in a statement.
Nyxem-E was the most commonly caught threat in the past 24 hours, according to both F-Secure and Trend Micro, which calls the worm Grew.A. The worm also has its own counting mechanism, and it showed 510,000 infected systems on Saturday, according to F-Secure.
"Our internal reporting system shows a steady stream of Nyxems being reported from all over the world, from USA to Australia," F-Secure said in a statement on its corporate blog. "If the worm keeps this pace, Friday the 3rd of February might be nasty--that's when the destructive payload is programmed to strike for the first time."
To protect themselves, users should keep their antivirus software up to date and be wary when opening e-mail attachments, experts said.