January 30, 2006 10:32 AM PST

ISP sends alert to Kama Sutra victims

A British Internet service provider is notifying customers whose systems it believes may be infected with the Kama Sutra virus.

When a computer is infected by the worm, which also goes by Nyxem.E and other names, it visits an online Web counter that tallies up how many PCs have been infected. U.K.-based Easynet said it is monitoring traffic to this Web counter and sending a virus alert to every person who visits it.

ISPs have come under criticism for failing to responsibly monitor the data they pipe to home users and to share the responsibility for the ever-growing burden of viruses and spam that is falling on businesses and consumers.

"ISPs do the equivalent of pumping out raw sewage into your home. You wouldn't expect to have to filter your own water, so why do home users have to filter their own data?" Paul Wood, a senior analyst at hosted e-mail and Web security company MessageLabs, said in November.

In May, the Federal Trade Commission, in tandem with some counterparts worldwide, said it planned to ask ISPs to help crack down on "zombie" networks of computers that send out spam.

F-Secure applauded Easynet's move in its blog, encouraging other ISPs to get in contact with customers who may be affected by an attack.

"We think it's a good idea that ISPs warn people about viruses in general, and I think it's a great idea that Easynet proactively took this step," F-Secure security expert Patrik Runald said. "Obviously, with 300 or 400 viruses being detected every day, ISPs can't warn their customers about all of them. But in this type of case, it's a really good idea."

The security company encouraged other ISPs to notify any customers whose systems may have been infected by the Kama Sutra worm before Feb. 3, when the virus is due to deliver its payload.

"We thought this was an excellent idea and wanted to promote it! We encourage other ISPs to do the same, as it will help users disinfect their machines before the 3rd of February," F-Secure wrote on its blog.

The payload is programmed to delete all Microsoft Word, Excel and PowerPoint file types, as well as Adobe Systems PDF files, from a compromised PC. The multifaceted malicious software will also attempt to propagate itself, both through e-mail and as a network worm, which can be particularly damaging on closed networks.

"Nyxem is certainly malicious. It can be delivered via e-mail, but also as a network worm. It probes other PCs on a closed network to compromise them and send itself to the other computers, to infect as many hosts as possible," Jason Steer, a technical consultant at security company Ironport, said on Thursday.

The malicious software hides in attachment types not typically blocked by attachment filters.

Companies are unlikely to be directly affected by Kama Sutra if they are running up-to-date antivirus software, Ironport said, because the major antivirus vendors have now released patches. But the company warned on Thursday that businesses could experience secondary effects as the virus tries to propagate itself by harvesting e-mail addresses on an infected machine.

"The knock-on effects will come as compromised PCs try to communicate with businesses. This will cause additional e-mail and network traffic, and possibly slow down e-mail response time," Steer said Thursday.

Tom Espiner of ZDNet UK reported from London.

4 comments

Wrong, wrong, wrong.
ISPs are NOT responsible for monitoring the data that is transported to their systems. The analogy of comparing Internet access to water pipes is so wrong. I quote:
"ISPs do the equivalent of pumping out raw sewage into your home. You wouldn't expect to have to filter your own water, so why do home users have to filter their own data?"
The analogy that should have been used is the telephone network. The phone company provides you, the end user, with a clear phone line that can be used to talk to anyone or anything that also interfaces with that network. Saying ISPs are responsible for the content that users download is ridiculous! That would be like holding the telephone companies responsible for a little old lady that falls victim to a telephone scam. It is the USER'S responsibility to obtain antivirus software, keep it up to date, and use a little common sense when going through their inbox!
As I have said before, ignorance of this "new digital age" is no excuse for not taking the slightest interest in protecting yourself. The information about how to protect yourself against viruses and phishing is out there. All you need to do is a little reading.
Posted by thenet411 (415 comments )
Er... no...
Whilst I agree that the analogy was dodgy (sewage filtering etc.),
you must agree that an ISP taking steps to protect its customers
is a good thing? Even if (dons cynical hat), it's simply a move to
a) protect the integrity of their own network and b) get some
good PR.

Whilst I agree that it is a user's responsibility to protect
themselves (anti-virus software, whatever), you can't compare
people like me and, I assume, yourself - who read, for example,
CNet's news coverage - to your Great Aunt. The information may
be out there to learn how to protect themselves but they don't
read it. People expect computers to just work and do the job(s)
they spent their hard earned cash on them to do - whether that
be write documents, visit web sites or edit videos. They don't
want (or expect, or understand) that to keep the system working
properly they have to spend half their day downloading patches,
anti-virus signatures etc. Do you spend your time checking the
plumbing on your washing machine? Or do you just expect it to
work?

(As an aside, if I'm honest, this "just damn work" mentality is
what drove me to use just Macs... I'm so much more productive
when I don't have to worry about viruses, spyware and trojans).

Here endeth the lesson,
RB
Posted by ross brown--2008 (57 comments )