Slashdot Mirror

← Back to Stories (view on slashdot.org)

Kama Sutra Worm Could Make For A Bad Friday

Posted by Zonk on from the batten-the-hatches-tie-down-the-sails dept.

mikey1134 writes "CNN is running a story about the Kama Sutra worm, a virus that is coded to overwrite files of the (potentially thousands of) infected computers. They provide some background on this viral outbreak and warn users to protect themselves" From the article: "And even for home computer users who have never taken such precautions before, security experts say now would be a good time to back up your most important data, like financial information and family photographs, to CDs, DVDs, zip drives, or an external hard drive that you know is worm and virus free. Unlike a lot of malware that exploits vulnerabilities in the Windows operating system, there is no 'patch' that can be downloaded to ward off Kama Sutra."

17 of 317 comments (clear)

  1. Many Aliases and More Info by eldavojohn · · Score: 5, Informative

    For references, these are the enumeration names and where to go to make sure you have the latest anti-virus signature. Remember, this variant will uninstall and delete most anti-virus software so it's important to recognize it before it goes active tomorrow. Most virus definition software refers to it as CME-24. This is important since this worm has many different names including Nyxem.E, BlackWorm, Grew and Mywife.E.

    More on the worm and its permutations and statistics on spreading.

    A very detailed analysis with all types of files that may be affected.

    And, if it's worth anything to you, the Microsoft advisory which seems to tout that Windows Live Safety Center Beta can protect against it. If you're in charge of computer security at your workplace, I would send out an e-mail instructing everyone to verify that they have the correct anti-virus definitions and to scan their computers before leaving tonight. Luckily, that's not my job where I work.

    --
    My work here is dung.
    1. Re:Many Aliases and More Info by rkrabath · · Score: 5, Informative

      >> if i scan my hardrive tonighte with avg or macafee or norton, am i protected ?

      Possibly yes, but also possibly not. This virus wil disable many common AV programs. My reccomendation would be to use a specialized scanner such as the one from f-secure: http://www.f-secure.com/v-descs/nyxem_e.shtml. I just used that one myself.

      --
      Who do I have to blackmail to get some representation around here!?!?!?!?
    2. Re:Many Aliases and More Info by j-cloth · · Score: 5, Informative

      McAfee DATs 4642 and higher will catch it.

  2. Your computer... by bondsbw · · Score: 5, Funny

    ... really should have more flexible security.

    --
    All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
  3. Write-once backups by truthsearch · · Score: 5, Insightful

    The best backups are those written to only once. Burn to a write-once only CD or DVD. Don't back up to an external hard disk. As soon as you plug it in anything can happen, either from Windows itself or from malicious software (redundant, I guess).

    In the old days we backed up to tape and flipped a switch so the tape couldn't be overwritten. Today it's burn-once disks. Don't trust anything but physical protections from disk writes.

    --
    Developers: We can use your help.
    1. Re:Write-once backups by charlesnw · · Score: 5, Insightful

      You evidently don't have a lot of data to backup. My nightly backups are almost half a terabyte. If I didn't reuse media, I would have a very hard time getting my budget approved. Media isn't cheap. 100 tapes is $10,000.00. Write once is nice but doesn't work in real life. Unless you have small amounts of data that fit on one TAPE or DVD. And if you have to store your backups (we have to store offsite for 7 years) you would be paying 2 arms and 3 legs in storage and handling fees.

      --
      Charles Wyble System Engineer
    2. Re:Write-once backups by Anonymous Coward · · Score: 5, Funny

      I remember those days. There was this guy called Moses who had received some seriously important data on top of some mountain. He goes down the mountain, and he breaks the tablets. He didn't make backups, so he had to go back to his client and ask for a new copy of the data. Very embarrasing.

      That should serve as a warning to everyone; always make backups. Especially with important clients like that.

  4. Oh yes, this by voice_of_all_reason · · Score: 5, Insightful

    This is the virus that MS has a patch from their fancy new Remote System Control program, right? Simply agree to download and blindly run any code they decide to send, let 'em take a peek at what you're running from time to time, and send regular status reports to the nice windows home base -- and then, we'll protect you from the nasty viruses!

    And remember, kids... that's a nice computer. Would be a shame if something were to "happen" to it, you know what I mean?

  5. But but but we want a patch!!! by Siberwulf · · Score: 5, Informative

    "Unlike a lot of malware that exploits vulnerabilities in the Windows operating system, there is no 'patch' that can be downloaded to ward off Kama Sutra."

    Half the articles i read yesterday about this said that the public was being screwed over becuase MS wouldn't release a patch.

    The only patch for stupid is a swift boot in the ass.

  6. More Obligatory Kama Sutra Jokes by fishdan · · Score: 5, Funny

    So I guess Kama Sutra could put some IT professionals in some awkward positions

    --
    Nothing great was ever achieved without enthusiasm
  7. i have a patch by tehwebguy · · Score: 5, Funny

    just turn your computer off before midnight, and leave it off until saturday.

    --
    -- lol pwned
  8. Zip drives? by Dr.+Sp0ng · · Score: 5, Funny

    ...to CDs, DVDs, zip drives, ...

    What is this, 1996?

  9. Strange... by casualsax3 · · Score: 5, Funny

    Anyway I like how virus names are slowly getting edgier. Kama Sutra is a good one, but it'll be great fun when someone names a virus the Angry Dragon, Cleavland Steamer, or the Dirty Sanchez. I eagerly await the day when the words "Rusty Trombone hits America hard" grace CNN's frontpage :)

  10. Clue About How To Detect Whether You're Infected by Fleetie · · Score: 5, Informative

    This URL would seem to provide some hints about how to check whether you're infected.
    It mentions some registry keys that the worm sets up.

    http://www.sophos.com/virusinfo/analyses/w32nyxemd .html

    --
    "Absorbing your worst..."
  11. Go Ask Alice by RobertB-DC · · Score: 5, Funny

    From TFA:
    "So while you might think it is coming from cousin Alice, most likely cousin Alice is not going to send you something that says 'Hey look at these pictures with naked people.' So that should be your first clue that a virus is propagating and you'd be well served to call cousin Alice to let her know that she is [unknowingly] sending out this type of e-mail," Sergile said.

    Mr. Sergile, you obviously haven't met my cousin Alice.

    --
    Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
  12. CME-24 aliases, information, and removal tools by Futurepower(R) · · Score: 5, Informative

    Here's how to know the difference between a money-making press release, and an honest story: The press release says "Fear, fear, fear!!!"

    The honest story gives you links to tools for eliminating the threat: You can run this tool: W32.Blackmal@mm Removal Tool, which apparently removes all variants of the worm.

    Here are manual instructions: WORM_GREW.A, Also known as: CME-24

    Here is the list of names of the CME-24 worm, and links to removal methods: CME-24 aliases, information, and removal tools.

  13. Oh leave off it by Sycraft-fu · · Score: 5, Insightful

    There's no patch because it's not a vulnerability, it's a virus. The only thing you can patch is the users that still won't follow directions and not open executable attachments. The OS is working as intended when it executes code you ask it to, which is how this virus gets on.

    This "OMG MS won't patch t3h systems!!!11" stuff on Slashdot is getting old. No, they won't patch it because there's nothing to patch. Duh. They have decided to add it to the malicious software tool, which is a mini virus scanner akin to Stinger from Mcaffee, which scans for a limited subset of viruses, but that's not a patch. Windows OneCare, which is NOT a remote control system by the way, does find it because, well, it's a virus scanner just like any other. It catches it just like AVG, F-Secure, Norton, and so on, which is to be expected as it's a competitor.

    So let's leave off the bullshit ok? There are two easy methods to prevent this from hurting your system:

    1) Don't run random programs that some with e-mails. If you use Outlook Express, it'll even tell you not to (twice).

    2) Get a virus scanner. Doesn't need to be MS's, there are many good ones out there. I recommend AVG, it's fast and free.