The Kama Sutra Worm virus, which was first detected by F-Secure, January 20,
2006, is a mass-mailing worm. The worm attempts to spread using remote shares
if available, and attempts to disable security-related and file sharing protection
software. It is similar to the 'Email-Worm.Win32.VB.bi' that was found a few
days ago.
The destructive worm disguises itself as emails linking to pornographic videos
and other materials, which apparently is a great way to spread a worm virus
since it has been able to infect over 500k systems, with thousands of new victims
every hour.
In the last few years, while the spread of viruses and malware has not really
gone down, the creation of worms designed to destroy systems or data is almost
non-existent. This is due to hackers learning that they can make money by creating
malware and spyware which remains hidden from the user, for the most part, and
collects data or projects advertisements to the monitor in various ways. Destructive
viruses do nothing but destroy, have no real value and are very high profile,
so they don't spread as far as they might otherwise.
The Kama Sutra worm is programmed to accomplish three tasks; spread itself,
disable security software and other limiting measures, and finally overwrite
certain file types (Word, PDF, Zip, RAR and Excel spread sheets being high on
that list). From F-Secure's analysis the worm will do this last act on the third
day of each month.
In a seeming last act of personal gratification, the virus also notifies a
website, increasing a counter on that page with each new system infected (we
are not publishing the website URL, as there may be other security problems
with visiting the site. Seriously, let your curiosity burn on something else).
As of 12:30 a.m. ET on Sunday the counter showed 539,261 victims, up from 522,684
5:30 p.m. ET on Saturday, an average of about 2,500 new victims per hour.
A computer worm is a self-replicating computer program, similar to a computer
virus. A virus attaches itself to an executable program; however, a worm is
self-contained and does not need to be part of another program to propagate.
The main difference between a computer virus and a worm is that a virus can
not propagate by itself whereas worms can. A worm uses network connections to
send copies to other systems. In general, worms harm the network and consume
bandwidth, whereas viruses infect or corrupt files on a computer. Viruses generally
do not generally affect network performance.
The name 'worm' was taken from The Shockwave Rider, a 1970s science fiction
novel by John Brunner. Researchers writing an early paper on experiments in
distributed computing noted the similarities between their software and the
program described by Brunner and adopted the name.
Worms generally also carry what is called the "payload", which is
its purpose for spreading, or what it is trying to spread. A common payload
is for a worm to install a backdoor on the infected computer, as was done by
Sobig and Mydoom. These zombie computers are used by spam senders for sending
junk email. Spammers are thought to pay for the creation of such worms, and
worm writers have been caught selling lists of IP addresses of infected machines.
Others try to blackmail companies with threatened DoS attacks. The backdoors
can also be exploited by other worms, such as Doomjuice, which spreads using
the backdoor opened by Mydoom.
As was stated above, while these are common uses for modern worms, the Kama
Sutra, according to F-Secure, appears to be only interested in propogation and
destruction.
There are several virus protection packages which can seek out and remove the
Kama Sutra worm from your system. Be sure to scan your computer, even if you
would never open a porn related email. You can find a free scan for the Kama
Sutra on Symantec's
Security Response website if you don't have a full virus protection program.
This article may not be copied or distributed in part or in full from this site and is copyright D24 Media Limited.
|
