Computer Crime Research Center


Did Kama Sutra worm strike?

Date: February 07, 2006
By: Mike Baron

So how was it for you? Computer security experts have warned that a malicious computer worm, dubbed "Kama Sutra," was set to wreak havoc this Friday, February 3rd on Microsoft Windows computers worldwide. Kama Sutra is designed to destroy files that end in .doc, .zip and .pdf.

The Kama Sutra worm's anticipated bombshell ended up fizzling out but experts are still divided on whether all the fuss over the threat was justified.

The Kama Sutra worm has been spreading through cyberspace since January 16, packaged in emails with subject headings such as: "give me a kiss" and "crazy illegal sex."

When users click an email attachment, their PCs become infected with destructive, self-replicating malware. The worm affects Microsoft Windows operating systems - it is designed to go to work on the third of every month - overwriting or corrupting Microsoft files and others - such as Portable Document Format (PDF) files.

"This one can damage your office files, your Microsoft Excel spreadsheets and your Powerpoint presentation," Tino Klironomos, a computer retailer, said. "(The files will be) all gone, history."

Computer security company LURHQ reports that there may be hundreds of thousands of machines already infected with the worm, which also goes by the monikers "BlackWorm," "CME-24," "Blackmal," "Mywife.E" and "Nyxem."

To prevent the worm, Windows users have been arming themselves with anti-virus software. People can also protect their PC with up-to-date anti-virus gear and firewall protection. Free anti-virus tools are available from many anti-virus organisations. These tools can detect and remove the Kama Sutra worm from an infected machine.

Experts say: "Make sure your virus definitions are up to date. Besides being careful about opening email messages and attachments, users should back up their most valuable computer files on an external device such as a CD, zip drive or DVD."

Steve Bass at PC World says: "Stop worrying. If you update your virus program signatures regularly, and do a weekly AV scan, I don't think you have much to worry about..."

Other advice is not to open any messages with the subject headers "crazy, illegal sex", "give me a kiss" and "hot movie."

The worm will not affect machines running on non-Windows operating systems such as Mac OS X or GNU/Linux.

But why didn't it wreak the havoc that it was forecast? Vincent Weafer, senior director at Symantec Security Response, said: "It has been a non-event. We have been tracking our consumer tech support: less than a handful of people worldwide have called in saying they might be infected."

A McAfee spokeswoman said: "It got a lot of media attention because of the name and the illicit material but it did not get attention from the major antivirus companies. We kept the threat level low."

Others say the alarm over Kama Sutra was warranted. details: "Ken Dunham, the director of rapid response at iDefense, said: "The reality is that there could have been hundreds of thousands of computers with overwritten files today. Instead, we only have a handful of reports, and that is a hands-down victory for the collaborative effort of the security community."

At F-Secure, experts aren't convinced the Kama Sutra attack is over.

Mikko Hypponen, F-Secure's chief research officer, said in a blog posting on Friday: "[The] vast majority of the machines infected... are home computers. Nothing will happen on them until people get home from work and boot up their machines. We'd like to think that they whole problem was avoided and everybody cleaned up their machines in time. But unfortunately, that's probably not true."

Meanwhile, McAfee, Symantec and Trend Micro say Kama Sutra has come and gone. Still, PC users should keep their antivirus software up to date to be protected against possible variants."
Original article

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo