The Hindu Business Line : KamaSutra's impact marginal

THE BlackWorm or KamaSutra worm, that was programmed to overwrite files on infected Windows PCs today, appears to have caused marginal impact. Most of the users and businesses seem to have taken measures to disinfect their systems, said top IT security experts.

"Although it is too early to say, we have not seen a panic anywhere. We have received 150-160 calls — most of them seeking information about the virus. We have already informed 800 user organisations including banks, airlines, large networks and other critical infrastructure about the worm. However, we are careful and are maintaining a vigil," Dr Gulshan Rai, Director, Indian Computer Emergency Response Team (CERT-In), told Business Line.

Dr Rai refuted reports that the virus had hit several thousand computers in India. "Marginal systems may have been affected, including home users. On any given day you have some computers being affected by viruses. But the actual impact of this virus will be known only in a day or so," he pointed out.

The Win32/MyWife.E@mm, also known as Nyxem-E, BlackWorm or KamaSutra worm, is a mass-mailing virus that contains its own SMTP engine to construct outgoing messages. It also has the ability to spread through open network shares and attempts to disable security software as well as overwrite files on the third of every month. It harvests addresses from local files and then uses the harvested addresses to send itself.

However, most of the antivirus companies maintained that the worm did not wreak havoc as was being anticipated. "It has been a uneventful Friday, as we have not got a single call from users. The vulnerability was detected in December and we had immediately patched it. Most of our customers had updated their files since then and are hence protected. Globally also the impact has been minimal," said Mr Kartik Shahani, Sales Director - India and SAARC, McAfee Inc, an intrusion prevention and security risk management company.

The KamaSutra worm poses as an email message offering a plethora of salacious content. Subject lines used in the malicious emails include: The Best Videoclip Ever, Miss Lebanon 2006 amongst others. Once infected, machines start to spew out additional copies of the worm. Nyxem-E is also programmed to overwrite files DOC, XLS, MDB, MDE, PPT, PPS, ZIP, RAR, PDF, PSD and DMP on local drives.

"Most of the companies have antivirus installed and we have not received any complaints today. There may be some instances where computers which either did not have an antivirus software or did not update it witness execution of the payload," Mr Ferdinand Gomes, Manager - System Engineers, Symantec Corp said.