Thursday, February 02, 2006

FAQ: How bad is this latest Virus?

From Information Week...

FAQ: How Bad Is Kama Sutra?

Sometime on Friday, computers already infected with the Kama Sutra worm will suffer potentially catastrophic damage.
Here's what you need to know.

By Gregg Keizer, TechWeb News, Feb 1, 2006 05:06 PM

Sometime on Friday computers already infected with the Kama Sutra worm will start writing over important documents, rendering them useless and potentially causing catastrophic damage to consumers and businesses.

The worm, though not nearly as widespread as several that hit Windows PCs in 2005, has caught users' attention for a different reason: it's a throw-back to times when hackers crafted their code to destroy data, not to make a buck.

What is this worm called? Good question. According to some lists, the worm has more than two dozen monikers. The most popular, though, are Kama Sutra, Blackworm, Blackmal, MyWife, and Nyxem. It's also been dubbed CME-24 by the Common Malware Enumeration database, which is supposed to provide one name for malicious code.

What will the worm do? On Friday, the worm will write the text string "DATA Error [47 0F 94 93 F4 F5]" over all data in files with file formats from Microsoft Office (.doc, .xls, .mdb, .mde, .ppt, .pps) and Adobe (.pdf, .psd), as well as popular compression formats (.zip, .rar) and memory dumps (.dmp). The worm will seek out these files on all connected drives, including mounted network drives, USB-based flash drives, and external drives.

It also disables many popular security programs -- those from Computer Associates, Kaspersky, McAfee, Panda, Symantec, and Trend Micro -- so that users won't be able to sniff it out once it's planted on the PC.

When does it start destroying files? According to the security firms that pulled apart the worm's code, it will overwrite files on the third of each month, local time. Friday, Feb. 3, is the first such trigger. The worm decides when to activate by looking at the PC's clock -- not, as other worms have, by synchronizing with time servers -- which is why there have been scattered reports of damage already. Helsinki-based F-Secure, for instance, has said it has received reports from users with incorrectly-set PC clocks who have had files overwritten.

Entire article here.
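The overwrite behaviour the article describes also gives a responder something concrete to look for after the fact. The following is an added example, not code from the article, from TechWeb or from any vendor: a small Python triage script that walks a directory tree (a mounted image, share or USB drive, examined from a clean machine since the article says the worm disables the installed security software) and separates files of the targeted extensions into those whose data now begins with the quoted marker string and those that still carry their own format header. The sample files it builds are constructed; in particular, the assumption that a destroyed file is filled with the marker repeated up to its old size is mine, while the check itself only relies on the file starting with the string, which is all the article states.

```python
"""Post-incident triage for the Nyxem/Blackworm ("Kama Sutra") overwrite payload.

Walks a directory tree and separates files of the targeted extensions into
those whose data now begins with the worm's marker string (destroyed) and
those that still carry their own header (intact). Run it against a mounted
image or share from a clean machine rather than the infected PC.
"""
import os
import tempfile
from pathlib import Path

# The text string the article says the worm writes over the file's data.
MARKER = b"DATA Error [47 0F 94 93 F4 F5]"

# Extensions the article lists as targets (compared case-insensitively).
TARGET_EXTENSIONS = {
    ".doc", ".xls", ".mdb", ".mde", ".ppt", ".pps",  # Microsoft Office
    ".pdf", ".psd",                                  # Adobe
    ".zip", ".rar",                                  # compression formats
    ".dmp",                                          # memory dumps
}


def is_overwritten(path: Path) -> bool:
    """Return True if the file's leading bytes are the marker string.

    Only the first len(MARKER) bytes are read: a genuine document starts with
    its own format header (PK.. for zip, %PDF for PDF), so a targeted file
    that begins with the marker has lost its data. A file that merely contains
    the string further in is not flagged. Unreadable files (locked, permission
    denied) are reported as intact rather than aborting the scan; review them
    separately.
    """
    try:
        with path.open("rb") as fh:
            return fh.read(len(MARKER)) == MARKER
    except OSError:
        return False


def scan_tree(root) -> tuple[list[Path], list[Path]]:
    """Walk root and return (overwritten, intact) lists of targeted files."""
    overwritten: list[Path] = []
    intact: list[Path] = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath, name)
            if path.suffix.lower() not in TARGET_EXTENSIONS:
                continue  # not a file type the worm goes after
            (overwritten if is_overwritten(path) else intact).append(path)
    return overwritten, intact


def build_sample_tree(root) -> None:
    """Create constructed sample files (not real victim data) under root."""
    root = Path(root)
    (root / "finance").mkdir()
    (root / "share").mkdir()  # stands in for a mounted network drive
    # Destroyed: assumption (mine, not the article's) that the worm fills the
    # old file size with the repeated marker; the check only needs the start.
    (root / "finance" / "budget.xls").write_bytes(MARKER * 40)
    (root / "share" / "notes.doc").write_bytes(MARKER)
    # Intact: real format headers (zip local-file header, PDF, OLE2 compound file).
    (root / "finance" / "archive.ZIP").write_bytes(b"PK\x03\x04" + b"\x00" * 60)
    (root / "report.pdf").write_bytes(b"%PDF-1.4\n% constructed sample\n")
    (root / "memo.doc").write_bytes(b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + MARKER)
    # Ignored: extension the article does not list, even though it holds the marker.
    (root / "readme.txt").write_bytes(MARKER)


def demo() -> tuple[list[str], list[str]]:
    """Build the sample tree in a temp dir and return sorted file names."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        overwritten, intact = scan_tree(tmp)
        return (sorted(p.name for p in overwritten),
                sorted(p.name for p in intact))


if __name__ == "__main__":
    destroyed, ok = demo()
    print("overwritten:", ", ".join(destroyed))
    print("intact:     ", ", ".join(ok))
```

Point `scan_tree` at the root of the mounted volume instead of the constructed temp tree to use it for real. Matching only the leading bytes keeps the scan fast on large shares and avoids false positives on files that legitimately contain the string (a mail archive quoting this very article, for instance); files it reports as intact but that fail to open in their application deserve a closer look, since the scan treats anything it cannot read as intact.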