[ISN] Kama Sutra virus expected to strike

InfoSec News isn at c4i.org
Fri Feb 3 04:31:20 EST 2006


By Michael Kahn
February 3, 2006

SAN FRANCISCO (Reuters) - A destructive worm posing as a pornographic
e-mail may already have infected hundreds of thousands of computers
and could erase many everyday files on Friday, security experts warn.

The "Kama Sutra" worm, which targets popular Microsoft Corp., Adobe
Systems Inc. and ZIP files, is a threat because many users will not
know the virus has infected their computers until it is too late,
security experts said.

They also estimate that the worm -- which spreads by e-mailing itself
to addresses in an infected computer's mailbox -- may already have
slipped onto 275,000 to 500,000 machines and is now simply waiting to
obliterate files on Friday.

The virus, also known as Nyxem, Grew.A or MyWife, tricks users by
appearing as an e-mail attachment with subject lines such as "Hot
Movie," "give me a kiss" and "Miss Lebanon 2006."

Some variations refer to the ancient Kama Sutra guide to elaborate
sexual positions in order to attract attention and convince victims to

"It claims to be a movie or picture with some sort of sexual content,"  
said Johannes Ullrich, chief research officer at the nonprofit SANS
Institute research group. "That is how it tricks you."

The virus causes a keyboard and mouse to freeze up and then disables
anti-virus programs when the computer is restarted, leaving a machine
vulnerable, said Ken Dunham, rapid response director at VeriSign
Corp.'s security unit iDefense. The attack is scheduled to begin at
midnight on February 3.

The virus mainly has infected computers of vulnerable consumers and
small businesses, which are far less likely to have up-to-date
security software, he said.

The Kama Sutra worm also stands out because its primary purpose is to
destroy files rather than to seek financial gain or to take control of
a computer, security experts said.

Dunham said any users who suspect they may have triggered the worm
should reinstall an anti-virus program and make sure the virus has
been removed.

"It is already underway and will be activated unless people get
removal tools," he said. "If you have opened an e-mail and your
computer froze up, you should be very concerned."

More information about the ISN mailing list