[nasional_list] [ppiindia] New worm relies on old trick

• From: "Ambon" <sea@xxxxxxxxxx>
• To: <"Undisclosed-Recipient:;"@freelists.org>
• Date: Wed, 1 Feb 2006 20:00:43 +0100

** Forum Nasional Indonesia PPI India Mailing List **
** Untuk bergabung dg Milis Nasional kunjungi: 
** Situs Milis: http://groups.yahoo.com/group/ppiindia/ **
** Beasiswa dalam negeri dan luar negeri S1 S2 S3 dan post-doctoral 
scholarship, kunjungi 
http://informasi-beasiswa.blogspot.com 
**http://www.cnn.com/2006/TECH/internet/01/31/kamasutraworm/index.html

New worm relies on old trick
Promise of dirty pictures could destroy personal documents
By Marsha Walton 
CNN



Tuesday, January 31, 2006; Posted: 2:56 p.m. EST (19:56 GMT) 


LOOK OUT FOR THESE KAMA SUTRA WORM E-MAIL SUBJECT LINES: 


*Hot Movie* 

F***in Kama Sutra pics 

Fw: SeX.mpg 

Fwd: Crazy illegal Sex! 

give me a kiss 

Miss Lebanon 2006 

School girl fantasies gone bad 

The Best Videoclip Ever 

ATLANTA, Georgia (CNN) -- "There are a lot of people who are going to be very 
unhappy on the third of February," said Professor Merrick Furst from the 
Georgia Tech College of Computing.
That's when the Kama Sutra computer worm will begin destroying critical files 
on infected computers. And hundreds of thousands of machines may have the worm 
lurking within their Windows operating system, ready to be unleashed on 
February 3 and the third of every month thereafter.

Experts say Windows Office documents, Word documents, Excel spread sheets, and 
PDFs (portable document format) are among the files that will be "overwritten." 
That means the data will be changed and corrupted, and the original information 
will no longer be accessible.

While files that have simply been deleted can sometimes be recovered; 
overwritten files are usually lost for good.

This malicious software entices computer users with promises of sexy pictures, 
with e-mail subject lines ranging from "School girl fantasies gone bad" to "Hot 
Movie" to "Crazy illegal Sex!" and "Kama Sutra pics."

This worm is described as "old fashioned" in several ways.

First, it relies on the oldest trick in the book, a computer user's desire to 
see nasty pictures, to get them to take an action.

"With the Kama Sutra worm, this is a traditional style worm, meaning that it 
takes user interaction in order to become infected; someone has to double click 
on a file attachment, and then it does some type of malicious behavior, such 
as, in this case destroying a folder or a file," said Alain Sergile, a security 
expert at Internet Security Systems (ISS) in Atlanta.

Because the worm's destructive payload is delayed until the third of the month, 
many users may have infected their machines, but because neither dirty pictures 
nor computer problems resulted, simply forgotten that they ever clicked on the 
attachment.

The worm, which also goes by the names Blackworm, Blackmal, and Nyxem, has been 
spreading since January 16. It is capable of infecting Windows XP, Windows 
2000, Windows 98 and Windows ME operating systems.

"This is a really damaging worm. This is not one of those worms that is 
interested in having access to your machine for purposes later on. This worm 
will really damage your machine," Georgia Tech's Furst said.

Furst says the worm has spread to a lot of military addresses on the Internet 
(.mil), but mostly to ISPs (Internet Service Providers), meaning most of those 
infected are probably home users.

The computer security company LURHQ reports more than 600,000 machines around 
the world have been infected. 

With a little time before the third of the month trigger, most Windows users 
still have the ability to cleanse their computer of Kama Sutra before any 
information is destroyed.

Some antivirus software can eliminate the virus. Users should make sure their 
antivirus and antispyware software is up to date and to scan their computers 
for malicious programs that may have been surreptitiously installed on their 
machines. 

However, not all antivirus programs are effective. Problems running antivirus 
software may be one sign your computer has been infected. Joe Stewart of LURHQ 
says like many recent worms, Kama Sutra attempts to disable antivirus software 
when it is attacking a machine. 

And even for home computer users who have never taken such precautions before, 
security experts say now would be a good time to back up your most important 
data, like financial information and family photographs, to CDs, DVDs, zip 
drives, or an external hard drive that you know is worm and virus free. 

Unlike a lot of malware that exploits vulnerabilities in the Windows operating 
system, there is no "patch" that can be downloaded to ward off Kama Sutra.

"This is something that is not inherent in the operating system," Sergile said.

"Unfortunately, there is no way to patch user ignorance, and the way this virus 
propagates is through user ignorance," he said.

Sergile also says home users need to be aggressive about questioning e-mail 
messages and attachments, even if it appears they are coming from colleagues, 
friends, or relatives. Many e-mail viruses spread by forwarding themselves to 
everyone in a user's e-mail address book.

"So while you might think it is coming from cousin Alice, most likely cousin 
Alice is not going to send you something that says 'Hey look at these pictures 
with naked people.' So that should be your first clue that a virus is 
propagating and you'd be well served to call cousin Alice to let her know that 
she is [unknowingly] sending out this type of e-mail," Sergile said


[Non-text portions of this message have been removed]



***************************************************************************
Berdikusi dg Santun & Elegan, dg Semangat Persahabatan. Menuju Indonesia yg 
Lebih Baik, in Commonality & Shared Destiny. 
http://groups.yahoo.com/group/ppiindia
***************************************************************************
__________________________________________________________________________
Mohon Perhatian:

1. Harap tdk. memposting/reply yg menyinggung SARA (kecuali sbg otokritik)
2. Pesan yg akan direply harap dihapus, kecuali yg akan dikomentari.
3. Reading only, http://dear.to/ppi 
4. Satu email perhari: ppiindia-digest@xxxxxxxxxxxxxxx
5. No-email/web only: ppiindia-nomail@xxxxxxxxxxxxxxx
6. kembali menerima email: ppiindia-normal@xxxxxxxxxxxxxxx
 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/ppiindia/

<*> To unsubscribe from this group, send an email to:
    ppiindia-unsubscribe@xxxxxxxxxxxxxxx

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/
 



** Forum Nasional Indonesia PPI India Mailing List **
** Untuk bergabung dg Milis Nasional kunjungi: 
** Situs Milis: http://groups.yahoo.com/group/ppiindia/ **
** Beasiswa dalam negeri dan luar negeri S1 S2 S3 dan post-doctoral 
scholarship, kunjungi 
http://informasi-beasiswa.blogspot.com **

Other related posts:

• » [nasional_list] [ppiindia] New worm relies on old trick

1. Home
2. nasional_list
3. Archive
4. 02-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---