Panda Software advises caution in the face of the ...

2/1/2006. This worm is prepared to activate on the third of each month, rendering Word, Excel, Access or PowerPoint files among others useless, and disabling several security solutions

Panda Software has made its free tools to eliminate this worm available at: http://www.pandasoftware.com/download/utilities/

Panda Software´s TruPreventTM Technologies have detected and blocked Tearec.A without the need for prior updates, so computers with these technologies installed have been protected from the outset

PandaLabs has warned of the activation, on February 3, of the Tearec.A worm (also called Nyxem or Blackmal), which spread to computers worldwide two weeks ago. This worm spreads in e-mails alluding to erotic content and is programmed to activate on the third of every month, deleting files with certain extensions and disabling certain security solutions. To minimize the impact of the worm, Panda Software offers users without a security solution, the free tools to eliminate the threat, at: http://www.pandasoftware.com/download/utilities/. TruPreventTM Technologies detected and blocked Tearec.A without the need for prior updates, so computers with these technologies installed have always been protected.

“The main priority now is to minimize the effect of this worm ” explains Luis Corrons, director of PandaLabs.“And therefore the usual recommendations apply: keep security solutions up-to-dateand scan the whole system to ensure that it is free from threats.For those who don´t have a security solution or would like a second opinion, we offer our free tool for eliminating this worm.The most important thing is to ensure that as few as possible computers are affected on the third of February.”

Tearec.Areaches computers in e-mails with subject alluding to sexual content, promoting erotic videos or images.If a user runs one of the attachments, the worm begins to spread using its own SMTP engine, and starts deleting files related to security tools installed on the system or on accessible remote systems if the computer is part of a network.In addition, on the third of every month it tries to disable files with certain extensions (.doc, .xls, .mdb, .ppt, .zip, .rar, .pdf, or .psd, among others), corresponding to some of the most widely used applications such as Word, Excel, Access, PowerPoint, Acrobat Reader or Photoshop. Another notable characteristic is its use of a counter on a web page to register the number of infections.

“It is difficult to evaluate the impact of this worm as the counter in itself is not a good reference ” explains Luis Corrons.“It seems like many registries in the counter have been from the same IP, so the total number of infections would be considerably less than indicated. Nevertheless, it is still a considerable threat, and that this reason we are on staying alert on the date of activation ”.

About PandaLabs

Since 1990, PandaLabs’ mission has been to analyze new threats as soon as possible to ensure that our clients are safe. Several teams specialized in each specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc.) work 24x7 to offer global coverage. To do this they are supported by TruPrevent™ Technologies, a truly global early warning system made up of sensors that are strategically distributed and neutralize new threats and send them to PandaLabs for in-depth analysis. According to AV-Test.org, PandaLabs is the fastest in the industry to offer complete updates (more information at www.pandasoftware.com/pandalabs.asp).