By Michael Kahn
A destructive worm posing as a pornographic e-mail may already have
infected hundreds of thousands of computers and could erase many
everyday files on February 3, security experts warned on Tuesday.
The "Kama Sutra" worm, which targets popular Microsoft Corp. operating
systems, Adobe Systems Inc. and ZIP files, is a threat because many
users will not know the virus has infected their computers until it is
too late, security experts said.
They also estimate that the worm -- which spreads by e-mailing itself
to addresses in an infected computer's mailbox -- may already have
slipped onto 275,000 to 500,000 machines and is now simply waiting to
obliterate files on Friday.
The virus, also known as Grew.A, MyWife, ErectPenis and other
pornographic names, tricks users by appearing as an e-mail attachment.
Subject lines such as "Hot Movie," "give me a kiss" and "Miss
Lebanon 2006" are the most common variants on the names it uses.
Some variations refer to the ancient Kama Sutra guide to elaborate
sexual positions in order to attract attention and convince victims to
open it. Or, letters may claim "look at these pictures I found of you."
"It claims to be a movie or picture with some sort of sexual content,"
said Johannes Ullrich, chief research officer at the nonprofit SANS
Institute research group. "That is how it lures and tricks users."
The virus causes a keyboard and mouse to freeze up and then disables
anti-virus programs when the computer is restarted, leaving a machine
vulnerable, said Ken Dunham, rapid response director at VeriSign
Corp.'s security unit iDefense. The attack is scheduled to begin at
midnight on February 3.
The virus mainly has infected computers of vulnerable consumers and
small businesses, which are far less likely to have up-to-date
security software, he said.
The Kama Sutra worm also stands out because its primary purpose is to
destroy files, including anti-virus protection programs, rather than
to seek financial gain or to take control of a computer, security
experts said.
Dunham said any users who suspect they may have triggered the worm
should reinstall an anti-virus program and make sure the virus has
been removed.
"It is already underway and may have disabled your personal anti-virus
protection and will be activated unless people get removal tools," he
said. "If you have opened an e-mail and your computer froze up, you
should be very concerned. A good clue is if you have received email
through AOL or Hotmail including pictures and those systems (which
normally will advise 'email scanned for viruses') respond by saying
'email NOT scanned' or similar and your computer stalled or locked
up even for a couple minutes. That means you may have gotten infected.
In all probability, your personal anti-virus software may have gotten
stomped on as well, and MUST be re-installed."
Copyright 2006 Reuters Limited.