A CNET FAQ on the Kama Sutra worm

By Robert Vamosi on 03 February 2006

There's a computer worm set to damage computer systems starting on February 3, 2006.

There has been a lot of confusion surrounding this worm, especially because media organisations and antivirus vendors haven't determined a common name. CNET has settled upon Kama Sutra; however, aliases include CME-24 (US-CERT), MyWife (McAfee), Tearec (Panda), Nyxem (Sophos), Blackmal (Symantec, Computer Associates, Vet), and GREW (Trend).

Infections: Security vendor LURHQ has metrics on the spread of Kama Sutra in specific countries through January 26, 2006. The data suggests that India, Peru, Italy, and Turkey are the most vulnerable to Kama Sutra; today, however, antivirus vendor F-Secure posted data suggesting that the United States and Europe may be equally vulnerable.

Who's at risk?: Kama Sutra affects all versions of Windows; it does not affect users of Mac OS, Linux, or Unix.

How does it infect?: Windows users who receive sexually suggestive e-mail and proceed to open the attached file may find themselves infected with Kama Sutra. Unlike some e-mail worms, Kama Sutra will not automatically spawn; you must open the file yourself.

Expected damage: Kama Sutra contains a dangerous payload. On the third day of the month all files with the extensions DOC, XLS, MDE, MDB, PPT, PPS, RAR, PDF, PSD, DMP, and ZIP will be overwritten with an error message "DATA Error [47 0F 94 93 F4 K5]." These files -- which include the default file formats for Microsoft Office and Adobe Acrobat applications -- cannot be restored once they are damaged.

CNET Virus Threat Meter: Despite the danger presented by Kama Sutra, infection rates remain relatively low worldwide. Therefore we are keeping the Threat Meter on Low for the time being.

Prevention and cure: Read our prevention and cure alert for links to specific antivirus vendors. For a more comprehensive analysis, see the page posted at Sans.org.

E-mail this
Print this
Share this...
- del.icio.us
- digg this
- Reddit
- Slashdot
- StumbleUpon

Join CNET.com.au Free newsletters, post to forums and win prizes. Join now - it's free and easy!

Related links

Norton AntiVirus 2008

As we await final code and therefore test results on the overall performance of this year's version of Norton AntiVirus, the new interface and features alone do not suggest an automatic KO in our latest antivirus roundup of 2008 products.
Windows virus worms onto some Apple iPods

A small number of the video media players have been shipped with the RavMonE virus, the company warns.
Norton Internet Security 2007

Norton Internet Security 2007 makes significant gains over last year, including cutting-edge rootkit and behavioural monitoring features found nowhere else, but the overall package could be serious overkill for the average desktop owner.
The secure Mac: myth or legend?

Apple computers have built a solid reputation on being virus-free, but is the reality different from the image?