Kama Sutra Wimps Out

The Kama Sutra virus, which can overwrite files created by many popular apps, does less damage than security experts feared. Plenty of advance notice and good defense are credited for

February 3, 2006

1 Min Read
Network Computing logo

The Kama Sutra worm has apparently not had nearly the impact security experts feared it might. News services including Reuters are reporting that the virus, also known as Blackworm, Blackmal, MyWife, and Nyxem, is not widespread and infection rates are relatively low. Plenty of advance notice and good defense are being credited for the mildness of the malware's impact.

Kama Sutra, which hides inside email attachments, carries a payload that activates on the third day of each month (today is the first such day since the virus was released). The virus attempts to disable many security programs -- including those from Computer Associates, Kaspersky, McAfee, Panda, Symantec, and Trend Micro -- so that it can't be detected.

It overwrites data files in many formats used by popular productivity apps with a text string, "DATA Error [47 0F 94 93 F4 F5]". Affected applications in clude Microsoft Office (.doc, .xls, .mdb, .mde, .ppt, .pps) and Adobe (.pdf, .psd), compression formats (.zip, .rar) and memory dumps (.dmp).

The worm searches for these file formats on all drives connected to the infected PC, including external hard drives, mounted network drives, and USB flash drives.

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox
More Insights