Kama Sutra worm threat shrivels

The Kama Sutra worm, designed to begin deleting files on infected computers this morning, has caused virtually no damage, according to antivirus firms.

The worm, also known as Nyxem.E, MyWife and Blackworm, has been circulating for a couple of weeks, and antivirus vendors said businesses have done well to ensure that their networks were protected against the pest.

There have been "no reports of any (Kama Sutra) detonations so far. Also, the virus seems to be dropping in e-mail prevalence. It was down to second place yesterday, according to our monitoring stations, and slid again into third place today," Paul Ducklin, head of technology at Sophos Asia-Pacific, told ZDNet Australia.

The worm's ranking was overtaken by MyDoom and Netsky variants, which have been around for a number of years.

"It seems reasonable to assume that Nyxem (Kama Sutra) isn't going to be the disaster that some local speculation may have suggested," Ducklin added.

McAfee Asia-Pacific shared Ducklin's view. "No local outbreaks reported, and very few reports of infections. Most companies are seeing the virus at the gateway, but not in large numbers--typically a few hundred viruses are blocked," McAfee marketing director Allan Bell said.

Although no outbreaks have been officially reported, the Internet Storm Center noted some "unconfirmed" reports of damage have arisen in India.

Security experts at F-Secure said that home users will most likely be the ones affected by the worm and, as a result, will not be hit until they boot up their computers after coming home from work.

"The full scope of the problem won't come to light until during the weekend or early next week," according to a posting by Mikko Hypponen, F-Secure's chief research officer.

Munir Kotadia of ZDNet Australia reported from Sydney. CNET News.com's Dawn Kawamoto contributed to this report.

[thedreaming]

Ready for it

Been reading about it for a few days, I took steps. I have a hardware firewall and a software one. I have my antivirus program fully updated and running resident, as well as scanning every week. I had my anti spyware program updated and also scanning every week. I made a backup last night and I uninstalled my old office in favor of openoffice. I converted all my office data files to opendocuments and to top it off, I turned off my computer for the day.

Yeah, I know, that might be overkill but it's like sex. The best way to protect yourself, is not to have it.

[keyboard55]

I took steps, too...

... got a Mac! ;-)
It never ceases to amaze me what Windoze users go through--
and consider it just the price of computing-- to try to keep their
systems defended.
It also never ceases to amaze me that gobs of people (and I
know TWO of them personally) have gotten rid of their PCs and
gotten new ones 'cause the old ones were so infected with
viruses, spyward, etc., etc., that they could barely even boot up
anymore! And THEY just considered this part of the price...-
they also each knew others who had done the same.
UNBELIEVABLE!!

[n3td3v]

These worms arent designed for "damage"

Worms with a deadline to execute a second phase are never designed to cause damage. It's the impact on the media the author wants to generate.

Because a deadline is set, then the author knows theres going to be a media circus around his or hers creation.

This is the second deadline set worm in as many weeks....though... the media cirus surrounding the worm keeps any worm author more than happy.

Don't cry wolf too many times media ;-)

Your home users will start to call yur bluff... or generally just not take warnings seriously.

The media should be responsible in how many times "wolf" is cried.

[n3td3v]

Worms with deadlines

See... the worm author kind of knows every PC will be pacthed. The worm author knows the media will jump on it... these worms arent designed for damage. There wouldn't be a deadline in the first place if the creator really did want there to be maximum damage. Like i've said already... these worms play into the hands of the media... as intended.

I guess it gives the F-Secure's of the internet an artifical ego-boost... where they can say to their customers how much they protected them from evil.

[Christopher Hall]

Shocking!!

You mean the media blew this whole thing out of proportion? That's impossible, they never do that!

~cough, Y2K, cough~

[someguy389]

Preparation

Consider that perhaps the reason these threats resulted in little damage was because the media reacted. When they shouted about how much danger we were all in, maybe that just got everyone off their butts to take the proper precautions. This virus caused little damage because everyone patched. But maybe many of those only patched because they heard from the media that it was such a big deal. The same is a possibility for Y2K.

The fact that nothing major resulted from these incidents doesn't necessarily mean that the potential for damage was blown out of proportion.

[Waldie]

Feb 3 Worm?

Beginning today my ciomputer has been robbed of all the icons on the desktop. Is that the work of the KamaSutra Worm? I have all the necessary protection (Zone Al;arm Pro, up to date antiovirus, spyware detector etc.; But the icons are gone.

[Mr. Network]

Why did you take steps????

All you had to do was not open the attachment....like OMG that is soooo uber hard.

nubs.

Signed,
Your friendly neighborhood Microsoft zealot.

[n3td3v]

ha ha...yeah

The problem is... theres a lot of nUUbs out there...playing into the hands of the worm authors.

[lmoretti]

CONSPIRACY THEORY

I agree with the user comment that if the author of the worm really wanted to do max damage, they wouldnt be telling u of a deadline. Something interesting though - i rec'd an email from Zone Alarms that says they can protect my computer BUT ONLY IF I UPGRADE. A quote from the email - "Free ZoneAlarm Firewall will not protect you from BlackWorm <Karma Sutra>. Only ZoneAlarm premium products (ZoneAlarm Antivirus, Anti-Spyware, PRO, and Internet Security Suite) will protect against the BlackWorm."

So here's my thought - could it be that Anti-virus software makers are creating this 'virus' threat and the subsequent hype only for the sole purpose of buying their products? I've seen this marketing scheme before - anyone remember the movie 'the Blair Witch Project?' There outta be a law...until then, im just not gonna buy their stuff. There's enough freeware that does the same for me.

[catchall]

Possable but doubtful

ZoneAlarm free is a firewall. Think of it as a mote around a castle. This virus (worm, malware, whatever) has no problem crossing the mote; you, the user, drop the drawbridge and allow it safe passage.
No firewall can save you, once you have code inside, executing on the local machine. It can (with ZoneAlarm, but not the XP firewall nor the Apple firewall) help contain it, as ZoneAlarm blocks outbound connections as well.
The ZoneAlarm paid package includes Anti-Virus, which would nail this thing, easily.

I dont think CONSPIRACY THEORY, I think opportunistic advertising. Scare the ehck out of them, and get them to buy-buy-buy!

[someguy389]

Too big a risk

Anti-virus makers wouldn't risk that sort of move. If they got busted, we'd be talking serious punishment with no chance of leniency. Teenagers that write viruses get fines, probation, some short jail time (reform school, what have you) at the worst, assuming they don't bring down the entire Internet. Professionals unleashing viruses to make a buck under the guise of protecting consumers from those very same threats wouldn't be so lucky.

Frankly, they just don't need to do it anyway. Sure, they'll take advantage of mass outbreaks like this when they can, but the world is so scared of viruses as it is there isn't much need for the Anti-virus makers to heap on more fear.

[wbenton]

Statistical Info Collecting Probe???

Trends are changing, but by how far?

Past major viruses spreading occurred mainly because people didn't have virus checkers installed or the virus database files were out of date... but that trend has started changing with the increase in threats.

Likewise many past attacks have occurred due to no personal firewall installed or other security appliance installed what so ever, but with Microsoft's adding their own personal firewall to XP, many whom didn't have a firewall in the past are either using Microsoft's FW or other Personal Firewall.

That said... how much has the entire internet security level actually improved? Does anybody really know?

A threat of a new outbreak however, might prompt people to take extra ordinary measures to prevent such an outbreak and thus sending giving off alarms of a "possible" wide-spreading virus might give those in charge of managing the internet a bit of info as to how many users will react to such a threat.

However, if this is the case... it could also be a potentially dangerous tactic as it's fizzles out and turns into nothing much at all. Sort of like crying wolf when there isn't one. Thus next time such a warning comes out... people might tend to consider it just another false alarm and not take the appropriate action.

But all of this is assuming that somebody wanted to collect stastics about how many and how quickly people respond to such threats!

Walt