Brian Krebs on Computer Security
Posted at 10:20 AM ET, 01/22/2006
Kama Sutra Worm Gets Nasty
A potentially destructive new computer worm disguised as pornographic videos and other material is steadily infecting thousands of victims each hour with a payload designed to destroy documents and files on victim machines.
This particular nastygram has earned different monikers from various antivirus vendors -- including "W32/Nyxem-D" (Sophos and F-Secure), "Tearac.A" (Panda Software), and "W32.Blackmal.E@mm" -- but the catchiest name I've seen so far is "Kama Sutra," taken from one of the e-mail worm's variable enticing subject lines.
The worm appears programmed to do three things: spread, disable security software and overwrite certain files. According to analysis from F-Secure, on the third day of each month the worm will overwrite the contents of certain files on infected machines, including Microsoft Word, Excel and PowerPoint files, as well as Adobe PDF documents and compressed ZIP and RAR archives, among other file formats.
The worm also notifies a specific Web site each time it infects a new machine, increasing the number on a Web-based counter with each visit. Security Fix isn't publishing the link to the counter for obvious reasons (if everyone who read this started visiting the link, its accuracy for measuring the true spread of the worm would quickly decrease). Just know that as of 12:30 a.m. ET on Sunday the counter showed 539,261 victims, up from 522,684 at 5:30 p.m. ET on Saturday, an average of about 2,500 new victims per hour.
As always, be extremely careful about clicking on attachments or links that arrive in e-mail or instant message, even if they appear to have been sent by someone you know. If you got hit with this worm and your antivirus software can't get rid of it, try the free removal tool for this worm from Symantec....
http://blogs.washingtonpost.com/securityfix/