http://www.washingtonpost.com/wp-dyn/content/article/2006/02/03/AR2006020300346.html By Michael Kahn Reuters February 3, 2006 SAN FRANCISCO (Reuters) - A destructive worm posing as a pornographic e-mail may already have infected hundreds of thousands of computers and could erase many everyday files on Friday, security experts warn. The "Kama Sutra" worm, which targets popular Microsoft Corp., Adobe Systems Inc. and ZIP files, is a threat because many users will not know the virus has infected their computers until it is too late, security experts said. They also estimate that the worm -- which spreads by e-mailing itself to addresses in an infected computer's mailbox -- may already have slipped onto 275,000 to 500,000 machines and is now simply waiting to obliterate files on Friday. The virus, also known as Nyxem, Grew.A or MyWife, tricks users by appearing as an e-mail attachment with subject lines such as "Hot Movie," "give me a kiss" and "Miss Lebanon 2006." Some variations refer to the ancient Kama Sutra guide to elaborate sexual positions in order to attract attention and convince victims to open. "It claims to be a movie or picture with some sort of sexual content," said Johannes Ullrich, chief research officer at the nonprofit SANS Institute research group. "That is how it tricks you." The virus causes a keyboard and mouse to freeze up and then disables anti-virus programs when the computer is restarted, leaving a machine vulnerable, said Ken Dunham, rapid response director at VeriSign Corp.'s security unit iDefense. The attack is scheduled to begin at midnight on February 3. The virus mainly has infected computers of vulnerable consumers and small businesses, which are far less likely to have up-to-date security software, he said. The Kama Sutra worm also stands out because its primary purpose is to destroy files rather than to seek financial gain or to take control of a computer, security experts said. Dunham said any users who suspect they may have triggered the worm should reinstall an anti-virus program and make sure the virus has been removed. "It is already underway and will be activated unless people get removal tools," he said. "If you have opened an e-mail and your computer froze up, you should be very concerned." _________________________________ InfoSec News v2.0 - Coming Soon! http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Fri Feb 03 2006 - 02:20:01 PST