FW: Internet and Technology News Experts Warn About Pending Kama Sutra Worm Attack

  • From: "Ernie Molina" <ehmolina@xxxxxxxxxxx>
  • To: "Mauricio H Molina Jr" <mauriciohmolina@xxxxxxxxxxxxx>, <blindcasting@xxxxxxxxxxxxx>
  • Date: Thu, 26 Jan 2006 15:55:14 -0800


-----Original Message-----
From: parker@xxxxxxxxxxxxxxxxxxxxxx [mailto:parker@xxxxxxxxxxxxxxxxxxxxxx] 
Sent: Thursday, January 26, 2006 11:14 AM
To: Internet News
Subject: Internet and Technology News Experts Warn About Pending Kama Sutra
Worm Attack

Walaika K. Haskins, Wed Jan 25, 6:42 PM ET Security analysts are warning
computer users about a new and potentially destructive Internet worm that
can obliterate important documents. The worm, called Kama Sutra, is making
the rounds now, but is scheduled to execute its first massive attack on
February 3.
Detected last week, the malicious worm targets computers running Windows and
spreads primarily by copying itself to shared network locations and then
sending itself to e-mail addresses found on afflicted computers. With
subject lines that read "the best videoclip ever," "give me a kiss," and
"school girl fantasies gone bad," the worm entices computer users to open
the attached file.
"This worm feeds on people's willingness to receive salacious content on
their desktop computer, but they could be putting their entire company's
data at risk," 
said Graham
Cluley, senior technology consultant at Sophos.
According to Sophos, on the third of each month, the worm will attempt to
disable existing antivirus and firewall software and also will delete
specific files, such as Microsoft Office documents.
Waxing or Waning Threat
The worm -- also known as Blackworm, Nyxem-D, and W32.Blackmail.E, among
others -- was said by Sophos to be the most frequently sighted e-mail worm
last week. 
statistics indicate that, within the last 24 hours alone, the worm has
accounted for some 23 percent of all virus reports.
There are disagreements in the security industry about the severity of the
worm, with Symantec and F-Secure taking different positions on the issue. 
Controversy stems
from interpreting one of the worm's most intriguing features: a Web counter.

the worm infects a new computer, it accesses a Web page on which there is a
The counter number increases whenever the Web page is accessed.
Andrew Jaquith, a Yankee Group senior analyst, said that most reports
indicate that the counter had risen already to 700,000, which could indicate
that nearly a million computers are infected.
Much of the speculation in the industry about the potential for damage done
by the Kama Sutra worm centers on the counter number -- which might
represent unique machines or accesses to the counter page by the same
machine more than once. One of the things that is "sorely lacking" with mass
outbreak malware like the Kama Sutra worm, Jaquith said, is any real sense
of how many machines are compromised.
"We still don't know, for example, how many machines were really affected by
the WMF vulnerability," he explained. "The antivirus vendors don't seem to
know either, or are unwilling to divulge much -- possibly because it would
expose gaps in their signature coverage."
Back to Old-School
To address what is so far the most expansive malware attack in 2006,
speculation among security vendors and researchers has focused on the
destructive nature of the worm. Unlike most viruses currently in the wild,
the Kama Sutra code is not intended to reap the code writer a windfall of
ill-gotten gains. The hacker designed the worm to create mayhem by
destroying documents.
"The reason why experts at Sophos believe the worm is likely to have been
written by an old-school hacker rather than an organized criminal is its
destructive payload,"
Cluley explained. "That kind of destructive behavior is not typical of
financially motivated worms because the damage is too obvious to the end
Frost & Sullivan analyst Rob Ayoub said he is not convinced that the worm
represents the work of an old-school hacker. This worm is something that the
industry has not seen in about a year. "This is just something we haven't
seen in a while. 
It's not
a botnet or a zombie. It's a throwback to malware that only seeks to create
ActiveX Controls
Of greater concern, said Ayoub, is the worm's ability to deceive Windows
into receiving a malicious ActiveX control by providing a phony digital
Discovered originally
by Fortinet, the worm apparently adds some 18 entries to the Windows
Registry, allowing it to insert an ActiveX control that can circumvent
Windows' defense mechanisms.
The development is interesting, Ayoub said, because, heretofore, the
assumption has been that if a piece of software has a digital signature,
then it is safe. 
said Microsoft will need to take a serious look at digital-signature
"In the past, it has always been if the company signs it, then it must be
Ayoub said. "Microsoft needs to look at the digital signing process or else
we will see more things like this and that is pretty dangerous because that
gets around some of the safeguards that are supposed to keep these things
Analysts are urging computer users, especially home users, to make sure that
they have up-to-date antivirus software installed on their machines. "There
should be no excuse for any data being lost on February 3 by this worm, but
there is always the danger that some home users will not have heard that
warning," Cluley said.

We supply this information  as a service and do

not endorse it or recommend any action being taken based upon it.  Any

decisions taken, by the subscriber, are entirely your own responsibility.

This is an announce only list.  All replies will go only to the list


To unsubscribe from this list, press Enter on the link below.  A

pre-addressed message will pop up, simply send it.


If you wish to recommend this list to a friend, send the following link to



We hope that you're enjoying this list.


Other related posts:

  • » FW: Internet and Technology News Experts Warn About Pending Kama Sutra Worm Attack