January 26, 2006 4:57 PM PST

Kama Sutra worm set to bite next week

Related Stories

Kama Sutra worm seduces PC users

January 23, 2006

All quiet on the Sober front

January 6, 2006
Businesses have been warned to brace themselves for a possible traffic spike next week caused by the Kama Sutra worm.

The virus, dubbed Nyxem.E among other names, was first reported on Jan. 16. It is thought to have infected more than half a million PCs. Security vendor IronPort warned Thursday that these machines are now hard-coded to propagate the virus on Feb. 3.

Companies are unlikely to be directly affected if they are running up-to-date antivirus software, because the major antivirus vendors have now released patches. But IronPort warned that companies could experience secondary effects, as the virus tries to propagate itself by harvesting e-mail addresses on an infected machine.

"The knock-on effects will come as compromised PCs try to communicate with businesses. This will cause additional e-mail and network traffic and a possible slowdown in e-mail response time," said Jason Steer, a technical consultant at IronPort.

F-Secure has reported that Nyxem.E reached the top position on Thursday in its virus statistics list, with 21.7 percent of all reported infections. The worm has infected some 300,000 systems, according to a Lurhq analysis of logs from a Web site statistic counter that the worm uses to keep track of its spread.

Once active, Nyxem will try to delete all Word, Excel, PowerPoint and PDF file types from a compromised PC. The multifaceted malicious software will also attempt to propagate itself, both through e-mail and as a network worm, which can be particularly damaging on closed networks.

"Nyxem is certainly malicious. It can be delivered via e-mail, but also as a network worm. It probes other PCs on a closed network to compromise them and send itself to the other computers, to infect as many hosts as possible," Steer said.

The malicious software hides in attachment types not typically blocked by attachment filters, IronPort said.

The Internet community will not know the scale of the February attack until it occurs. "It depends on how many hosts are infected," Steer said. "At the moment it's just sitting there quietly, and we won't know how many home users have been infected until Feb. 3."

Businesses should warn their employees not to open suspicious e-mails, and to know what these e-mails may look like. "The subject lines may contain some references to pornography--fairly typical stuff," Steer said.

"Be vigilant. Update your antivirus patches and make sure your hard disk has been scanned to detect and remove the virus," he added.

Nyxem has the potential to cause havoc throughout the year, as infected PCs are set to activate on the third day of every month, unless they are cleaned up.

Tom Espiner of ZDNet UK reported from London.


Join the conversation!
Add your comment
Kame Sutra=A Sure Succcess
What's funny is that the Kama Sutra worm will probably be a large-scale success. When it comes to eye-candy, the flesh is weak. The temptation will continue to be too great, for some---so far, around half-a-million computers have been infected.
This reminds me of the thousands who spread around the Paris Hilton screensaver last month, or those that got a virus when they visited one of Cristina Aguilera's fan sites. There always seems to be enough fools to spread these things around.
Posted by Michael G. (185 comments )
Reply Link Flag
Title line should read Kama Sutra=A Sure Success. I'm looking forward to the day when CNET News.com indroduces an editing function.
Posted by Michael G. (185 comments )
Link Flag
Hello I'm Joey, I say the govener needs to find a way to put a stop to these hackers stealing our ID Information & Credit cards #'s... It gets real annoying when you go to check your e-mail & it say's wrong password because you've been hacked! I mean I got hacked once myself but. I stoped it. I reported them & I never accepted anything els from anybody. Only people I know. Hacker's are real annoying. There is a "Hacker Squad" called g00ns. Maybe some of you have heard of them. Well, They hacked me once taking over my PC(computer). I don't know if they think it's funny or somthing but it makes me mad to see people falling for e-mail's & stuff that "fruads" send.
Posted by Joey280922 (4 comments )
Reply Link Flag
All Read this . About Correction(Typo)
Hello Correction(Typo) is a member of G00NS. www.g00ns.org , www.g00n.net www.g00n.com . Either one of them. Check members page. He will be in there. His name is [g00n]Typo.
Posted by Joey280922 (4 comments )
Reply Link Flag
That poster's name is not Correction(Typo), that's just the name of the post because he was pointing out a typo in his previous post : )
Posted by Michael Grogan (308 comments )
Link Flag
Sorry...No GOONS Here

I've never even heard of the group called GOONS, until you brought it up. My Correction(Typo) post is exactly that---a correction to a typo. In the title line, I accidentally typed Kame instead of Kama. It's that simple. I think you may have been confused because I capitalized the word Typo. I usually capitalize the words in the title lines to my posts---like the title words of books are capitalized.
Posted by Michael G. (185 comments )
Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.