ALARM (The Computing Alert System) Group ALERT
Alert Number: 020106-01
Alert Date: 02/01/06
Alert Title: Worm with destructive payload will delete files on 3rd of M
Update-to: none
OS/Platform/Application: Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows 2000, Microsoft Windows 95, Microsoft Windows 98, Microsoft Windows Me, Microsoft Windows NT
Category: ALERT
Severity: HIGH
Attention: ALL WINDOWS
Summary: Over the past several days multiple Internet security entities have reported the discovery of a new worm (a piece of malicious code with the ability to propagate itself among networked computing systems) that spreads via email attachments and network shares. The name of the worm varies with the naming conventions of each security entity (examples include Win32/Mywife.E@mm, BlackWorm, W32.Blackmal.E@mm), but the nature of the worm is the same in virtually all cases. The worm arrives as an executable file that must be opened (run) by an unwitting user to take effect; once executed, the payload will perform two very damaging tasks:
(1) It will attempt to disable any currently-running Anti Virus software found on the victim system (immediately).
(2) It will delete ALL Word, Excel, Access, PowerPoint, Acrobat, Photoshop, RAR (archive), DMP (memory dump) and ZIP files on the victim system (the worm deletes these files on the 3rd day of every month).
The most commonly reported method of infection is via email attachment. Signatures and tools to detect and remove the worm and/or its payload from email messages and infected computers are available from the majority of popular email scanning and antivirus vendors.
Recommended Actions: ITS email scanning systems are automatically updated and have been using definitions for this worm since they became available for download; thus all worm email sent through the UNIX or Exchange mail systems should be blocked and/or have its dangerous attachments stripped away before it reaches end users. Although these measures should stop the main vector of infection, users are (as always) cautioned NOT to open suspicious email attachments or similar files.
USERS SHOULD UPDATE THEIR ANTIVIRUS DEFINITIONS IMMEDIATELY IF AUTO-UPDATES ARE NOT ENABLED ON THEIR SYSTEMS.
Because this worm has the potential to damage personally important files on virtually any Windows-based computer (including home systems), readers of this alert are encouraged to share it with friends, family, and associates whom they think may be at risk of infection. Several links are provided below to help all readers learn more about the worm, its various names, and how to detect and remove it.
ITS Actions: Email scanning for the presence of the worm (and any new variants) is in place and operational.
Resources:
SANS Summary:
http://isc.sans.org/blackworm
Microsoft Malicious Software Encyclopedia Summary:
http://www.microsoft.com/security/encyclopedia/details.aspx?Name=Win32/Mywife.E@mm
News Articles on worm:
http://arstechnica.com/news.ars/post/20060123-6028.html
http://www.computerworld.com/securitytopics/security/virus/story/0,10801,107971,00.html