- Servers
- Desktops
- Laptops
- Tablet PCs
- PDAs
- Smart phones
- Digital cameras
- Camcorders
- Printers & multifunction devices
- Scanners
- Copiers
- Monitors & projectors
- Hard drives & burners
- Peripherals
- Productivity
- Accounting & finance
- Data management
- Graphics & publishing
- Web publishing
- Operating systems
- Security & utilities
- Downloads & trial software
- Handheld software
- Instant messaging
- Cell phones & plans
- Voice over Internet
- Telephones
- Routers & gateways
- Wireless networking
- Network adapters
- Internet access
- Web hosting
- Domain search
- Hotspot Zone
- Desktops
- Laptops
- Servers and storage
- PDAs
- Cell phones
- Monitors & projectors
- Printers
- Networking and wireless
- Security and utility software
- Productivity software
- Access, hosting, and services
- All business buying guides
Rob Vamosi's
award-winning
column on Internet threats and how to counter them
Delivered Mondays
CNET Security Center: Your complete source of antivirus and Internet security information.
This mass-mailing e-mail worm uses an old trick--the lure of pornography--and may delete your critical Microsoft Office files.
By Robert Vamosi (January 26, 2006)
What it does: Disables security apps and attempts to overwrite data files on your PC.
Means of transmission: E-mail and shared network files
How to recognize: E-mail suggesting a sexually oriented file attachment, and possibly the inability to run an antivirus scan.
Who is at risk:All Windows users.
How it works
Kama Sutra arrives via e-mail with subject lines similar to the following list:
The Best Videoclip Ever
School girl fantasies gone bad
A Great Video
Fu**in Kama Sutra pics
Arab sex DSC-00465.jpg
give me a kiss
*Hot Movie*
Fw: Funny :)
Fwd: Photo
Fwd: image.jpg
Fw: Sexy
Re:
Fw:
Fw: Picturs
Fw: DSC-00465.jpg
Word file
eBook.pdf
the file
Part 1 of 6 Video clipe
You Must View This Videoclip!
Miss Lebanon 2006
Re: Sex Video
My photos
According to antivirus vendor McAfee, Kama Sutra adds the following files to an infected system:
%Windows%\rundll16.exe
%System%\scanregw.exe
%System%\Update.exe
%System%\Winzip.exe
c:\winzip_tmp.exe
%Temp% \word.zip
Kama Sutra also installs the following registry key:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "ScanRegistry" = "%System%\scanregw.exe /scan"
The worm will attempt to copy itself to the following shares, using the current user's authentication:
C$\documents and settings\all users\start menu\programs\startup\winzip quick pick.exe
Admin$\winzip_tmp.exe
C$\winzip_tmp.exe
Once executed, Kama Sutra attempts to delete or disable active security protection from Norton, McAfee, Trend Micro, and Kaspersky security products.
Prevention
Kama Sutra infections can be avoided if a personal firewall is enabled on a desktop PC, if attachments to e-mail files are not opened (or opened with caution), and if your antivirus subscription remains current.
Removal
A few antivirus software companies have updated their signature files to include this worm. This will stop the infection upon contact and in some cases will remove an active infection from your system. For more information, see:
Computer Associates: Win32/Blackmal.F!Worm
F-Secure: Email-Worm.Win32.Nyxem.e
McAfee: W32/MyWife.d@MM
Microsoft: Win32/MyWife.e
Panda: W32/Tearec.A.worm (W32/MyWife.E.Worm)
Sophos: W32/Nyxem-D
Symantec: W32.Blackmal.E@mm
Trend Micro: WORM_GREW.A (Worm_BLUEWORM.E)
.
