Posted: 2/2/2006 6:42:45 PM EDT
...probably a dupe, but I have been on the road for the past couple of days........ www.informationweek.com/news/showArticle.jhtml?articleID=178601098 Countdown On For Kama Sutra
Starting Friday, Feb. 3, the worm will begin corrupting 11 different file formats by overwriting those documents and files with a mindless string of text.
By Gregg Keizer, TechWeb News Feb. 2, 2006 URL: http://www.informationweek.com/story/showArticle.jhtml?articleID=178601098
As the clock continues to tick toward the anticipated destruction of Microsoft Office documents, Adobe files, and backup archives, security companies on Thursday posted their latest research and advice on the Kama Sutra worm.
Also known as Blackworm, Blackmal, MyWife, and Nyxem, the worm has been active for about three weeks. It's a throw-back, designed not to simply hijack a PC or steal confidential information, but to destroy data. Starting Friday, Feb. 3, it will begin corrupting 11 different file formats by overwriting those documents and files with a mindless string of text.
Chicago-based LURHQ revisited its data, and now puts the estimate of Kama Sutra-infected systems at twice its earlier guess. "Based on the more recent logs plus different methodology, we believe the total number of users infected worldwide is actually closer to 600,000," said the company in a Web site posting.
Helsinki, Finland-based F-Secure, meanwhile, said Thursday that although the worm is supposed to ruin files on any network drives connected to an infected machine, its tests weren't able to duplicate that behavior.
"In practice, the worm failed to [damage files] on network drives, at least in our test environment. Files on local and removable drives (including USB memory) were damaged by the payload," the company noted in an online alert.
A researcher at the Internet Storm Center (ISC) confirmed the finding in independent tests. "At this point, I do not believe that the destructive payload will occur via shares and/or mapped drives," concluded ISC's Lorna Hutcheson.
Microsoft chimed in with an updated security advisory, originally released Monday, that now tells enterprise users a blank log-in password may protect them from the worm spreading throughout the network.
"In an environment where you can guarantee physical security, you do not need to use the account across the network, and you are using Windows XP or Windows Server 2003, a blank password is better than a weak password," the advisory now reads. Blank passwords, Microsoft added, can be used locally in Windows XP (SP1 and SP2), Windows Server 2003, and Windows Server 2003 SP1. "If the account password is blank, the account is not valid as a network credential," the advisory states.
But it was U.K.-based Sophos that had the smartest advice Thursday: Don't panic.
"Sit down, have a cup of tea, and work out if you have done everything you should have done to ensure your computer isn't at risk from the Nyxem worm, and indeed any of the other 120,000 pieces of malware in existence," said Graham Cluley, senior technology consultant at Sophos, in a statement.
| news.independent.co.uk/world/science_technology/article342871.ece Kama Sutra e-mail virus primed to strike today By Martin Hickman, Consumer Affairs Correspondent Published: 03 February 2006
Important information stored on home computers could be wiped clean by an e-mail virus called Kama Sutra that is timed to strike today.
Computer engineers say the virus has been infecting hundreds of thousands of machines across the world since being identified on 16 January. It is being circulated as a pornographic attachment to e-mails and spreads by e-mailing itself to other addresses from an infected computer. On the third day of every month it deletes files.
The virus targets computers using Microsoft Windows but, unlike many other recent viruses, deletes many popular types of file, including spreadsheets and presentations.
A website associated with the virus estimated it has now reached more than 300,000 victims. Its impact is likely to be greatest on home computers because most businesses have current anti-virus protection.
The virus got its name because some of its variations refer to the Kama Sutra guide to sexual positions but is also known as "Nyxem-E, Grew.A", "MyWife" or "BlackWorm". It appears as an e-mail with subject lines such as "Hot Movie" or "Miss Lebanon 2006".
Affected files include Oracle, Word, Adobe Acrobat, Photshop, Excel and PowerPoint. Because so many of the applications are used in offices, experts believe the virus may be aimed at businesses.
Ken Dunham, from the US internet security firm VeriSign, said: "This attack is under way and will be activated unless people get virus removal tools.
"If you have opened an e-mail and your computer froze up, you should be very concerned."
Important information stored on home computers could be wiped clean by an e-mail virus called Kama Sutra that is timed to strike today.
Computer engineers say the virus has been infecting hundreds of thousands of machines across the world since being identified on 16 January. It is being circulated as a pornographic attachment to e-mails and spreads by e-mailing itself to other addresses from an infected computer. On the third day of every month it deletes files.
The virus targets computers using Microsoft Windows but, unlike many other recent viruses, deletes many popular types of file, including spreadsheets and presentations.
A website associated with the virus estimated it has now reached more than 300,000 victims. Its impact is likely to be greatest on home computers because most businesses have current anti-virus protection.
The virus got its name because some of its variations refer to the Kama Sutra guide to sexual positions but is also known as "Nyxem-E, Grew.A", "MyWife" or "BlackWorm". It appears as an e-mail with subject lines such as "Hot Movie" or "Miss Lebanon 2006".
Affected files include Oracle, Word, Adobe Acrobat, Photshop, Excel and PowerPoint. Because so many of the applications are used in offices, experts believe the virus may be aimed at businesses.
Ken Dunham, from the US internet security firm VeriSign, said: "This attack is under way and will be activated unless people get virus removal tools.
"If you have opened an e-mail and your computer froze up, you should be very concerned."
|
|