Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Kama Sutra Wimps Out

The Kama Sutra worm has apparently not had nearly the impact security experts feared it might. News services including Reuters are reporting that the virus, also known as Blackworm, Blackmal, MyWife, and Nyxem, is not widespread and infection rates are relatively low. Plenty of advance notice and good defense are being credited for the mildness of the malware's impact.

Kama Sutra, which hides inside email attachments, carries a payload that activates on the third day of each month (today is the first such day since the virus was released). The virus attempts to disable many security programs -- including those from Computer Associates, Kaspersky, McAfee, Panda, Symantec, and Trend Micro -- so that it can't be detected.

It overwrites data files in many formats used by popular productivity apps with a text string, "DATA Error [47 0F 94 93 F4 F5]". Affected applications in clude Microsoft Office (.doc, .xls, .mdb, .mde, .ppt, .pps) and Adobe (.pdf, .psd), compression formats (.zip, .rar) and memory dumps (.dmp).

The worm searches for these file formats on all drives connected to the infected PC, including external hard drives, mounted network drives, and USB flash drives.