February 3, 2006 2:28 PM PST

Kama Sutra worm hype may bite back

The Kama Sutra worm's anticipated bombshell ended up fizzling out, but experts are still divided on whether the brouhaha over the threat was justified.

The alarm around the worm may have helped avert a disaster for some PC users, since they were able to take action and clean up their computers, some experts say. But others fear that the predicted doomsday scenarios followed by a nonevent may cause PC users to become complacent about security alerts.

Kama Sutra, also known as MyWife, Nyxem, Blackmal and Grew and given the industry identifier CME-24, was designed to begin overwriting files on infected computers this morning. However, the worm that spread under the guise of pornographic content has caused virtually no damage, according to antivirus makers.

"It has been a nonevent," said Vincent Weafer, senior director at Symantec Security Response. "We have been tracking our consumer tech support: Less than a handful of people worldwide have called in saying they might be infected."

One Italian city shut down its computers as a precaution after discovering an infection, according to media reports. Otherwise, the time bomb some in the security industry predicted the worm would be just fizzled.

But Kama Sutra was never going to cause mayhem on a large scale, said representatives for Symantec, McAfee and Trend Micro, the world's top three antivirus software makers. All three never raised their alert above "low" or "medium." Yet the level of public alarm generated over the worm was significant.

"It got a lot of media attention because of the name and the illicit material, but it did not get attention from the major antivirus companies," Siobhan MacDermott, a McAfee spokeswoman, said. "We kept the threat level low."

There was "some hype" fueled by some in the security industry that published high infection numbers, Symantec's Weafer said. "You have to be very balanced in your alerts. Some were throwing out crazy numbers and talking about this as if it was going to be a global attack. It was never going to be that."

Antivirus company F-Secure, for example, on Thursday displayed a map of the world on its Web site that suggested there was a large-scale infection around the globe.

The danger of hype is that PC users will become complacent about security alerts and not take any action the next time around, Weafer said. "You don't want consumers to say: 'This one was nothing, why would I care about the next one.'"

But others say the alarm over Kama Sutra was warranted.

"The reality is that there could have been hundreds of thousands of computers with overwritten files today," said Ken Dunham, the director of rapid response at iDefense. "Instead, we only have a handful of reports, and that is a hands-down victory for the collaborative effort of the security community."

At F-Secure, experts aren't convinced the Kama Sutra attack is over.

"(The) vast majority of the machines infected...are home computers. Nothing will happen on them until people get home from work and boot up their machines," Mikko Hypponen, F-Secure's chief research officer, said in a blog posting Friday. "We'd like to think that they whole problem was avoided and everybody cleaned up their machines in time. But unfortunately, that's probably not true."

F-Secure predicts that the full scope of the problem won't come to light until the weekend or early next week.

Meanwhile, McAfee, Symantec and Trend Micro say Kama Sutra has come and gone. Still, PC users should keep their antivirus software up to date to be protected against possible variants.

See more CNET content tagged:
Kama Sutra worm, F-Secure Corp., security alert, McAfee Inc., Symantec Corp.


Join the conversation!
Add your comment
After all after so much Panic ware,feelings grief, understimations indifference of opinons,etc. I made it my personal business, and privacy to protect myself from what ever comes with yes,"Norton System Works" and i uninstalled IE 7 beta just in case and got out of that night mare i should have known better,nothing was broken thanks God and back to both ie 6 and Firefox 1.5.01 *conclude:What ever it was that cause the brouhaha if there ever was one instead i take this like a fire drill course lol.I need a break seeya...
Posted by CARIBE49 (11 comments )
Reply Link Flag
This reminds me of The Minerva Virus
A book I just read. Very frightening about an out-of-control
computer virus.

There is a free full text download of the novel posted here:

<a class="jive-link-external" href="http://www.theminervavirus.com" target="_newWindow">http://www.theminervavirus.com</a>
Posted by Zerby (2 comments )
Reply Link Flag
Maybe wrong view?
Maybe instead of saying that this was hype followed by a non-event, give credit where it is due and thank the network admins that made sure their networks either weren't vulnerable in the first place or cleaned the infections well before the payload was scheduled to go off. Without their efforts, this worm had the potential to live up to at least a part of the "doomsday scenario" presented.
Posted by Z4ns4tsu (13 comments )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.