The Nyxem virus was first reported on 16 January. It is thought to have infected more than half a million PCs, and security vendor Ironport warned on Thursday that these machines are now hard-coded to propagate the virus on 3 February.
Companies are unlikely to be directly affected if they are running up-to-date antivirus software because the major antivirus vendors have now released patches. But Ironport warned that firms could experience secondary effects as the virus tries to propagate itself by harvesting e-mail addresses on an infected machine.
"The knock-on effects will come as compromised PCs try to communicate with businesses. This will cause additional email and network traffic, and possible slow down e-mail response time," said Jason Steer, technical consultant at Ironport.
Security company F-Secure has reported that Nyxem.E reached the top position in its virus statistics with 21.7 percent of all reported infections. On Saturday the Web counter used by the Nyxem worm itself showed over 510,000 infections and continued to rise, according to F-Secure.
Once active, Nyxem will delete all Word, Excel, PowerPoint, and PDF file types from a compromised PC. The multi-faceted malware will also attempt to propagate itself both through e-mail and as a network worm, which can be particularly damaging on closed networks.
"Nyxem is certainly malicious. It can be delivered via e-mail, but also as a network worm. It probes other PCs on a closed network to compromise them and send itself to the other computers, to infect as many hosts as possible," said Steer.
The malware hides in attachment types not typically blocked by attachment filters, IronPort said.
The Internet community will not know the scale of the February attack until it occurs. "It depends on how many hosts are infected," said Steer. "At the moment it's just sitting there quietly, and we won't know how many home users have been infected until 3 February."
Businesses should warn their employees not to open suspicious e-mails, and to know what these e-mails may look like. "The subject lines may contain some references to pornography -- fairly typical stuff," said Steer.
"Be vigilant. Update your antivirus patches, and make sure your hard-disk has been scanned to detect and remove the virus," he added.
Nyxem has the potential to cause havoc throughout the year, as infected PCs are set to activate on the third day of every month, unless they are cleaned up.
ZDNet UK's Tom Espiner reported from London. For more coverage from ZDNet UK, click here.
This worm has a payload that hits on Feb 3rd, but Microsoft has added it to their malicious software removal tool due to be deployed with the regular monthly updates on the 7th - too late to be effective.
Surely a special release for prior to Feb 2nd would be in order, and possibly dramatically reduce the risk of further infestations?
It may even prompt those infested to do something about getting updated and effective protection, given the ferocity that the worm targets anti-virus products and disables them.
Microsoft - are you listening?