Concern Grows over Blackworm, Kama Sutra virus

Be warned, update your anti-virus and backup your data. Do not open attachments you are not expecting.
--------------

Concern Grows over Kama Sutra Computer Virus
02.01.06

By Michael Kahn, Reuters

SAN FRANCISCO—A destructive worm posing as a pornographic e-mail may already have infected hundreds of thousands of computers and could erase many everyday files on Feb. 3, security experts warned on Tuesday.

The "Kama Sutra" worm, which targets popular Microsoft Corp., Adobe Systems Inc. and ZIP files, is a threat because many users will not know the virus has infected their computers until it is too late, security experts said.

They also estimate that the worm—which spreads by e-mailing itself to addresses in an infected computer's mailbox—may already have slipped onto 275,000 to 500,000 machines and is now simply waiting to obliterate files on Friday.

The virus, also known as Grew.A or MyWife, tricks users by appearing as an e-mail attachment with subject lines such as "Hot Movie," "give me a kiss" and "Miss Lebanon 2006."
Some variations refer to the ancient Kama Sutra guide to elaborate sexual positions in order to attract attention and convince victims to open.

"It claims to be a movie or picture with some sort of sexual content," said Johannes Ullrich, chief research officer at the nonprofit SANS Institute research group. "That is how it tricks you."
The virus causes a keyboard and mouse to freeze up and then disables anti-virus programs when the computer is restarted, leaving a machine vulnerable, said Ken Dunham, rapid response director at VeriSign Corp.'s security unit iDefense. The attack is scheduled to begin at midnight on Feb. 3.

The virus mainly has infected computers of vulnerable consumers and small businesses, which are far less likely to have up-to-date security software, he said.

The Kama Sutra worm also stands out because its primary purpose is to destroy files rather than to seek financial gain or to take control of a computer, security experts said.
Dunham said any users who suspect they may have triggered the worm should reinstall an anti-virus program and make sure the virus has been removed.

"It is already under way and will be activated unless people get removal tools," he said. "If you have opened an e-mail and your computer froze up, you should be very concerned."

Article from PCMag.com.