TELECOM Digest OnLine - Sorted: File Destroying Worm Not Causing Much Damage



Anick Jesdanun (ap@telecom-digest.org)
Fri, 3 Feb 2006 12:53:29 -0600

By ANICK JESDANUN, AP Internet Writer

One Italian city's government shut down its computers as a precaution
but a file-destroying computer worm otherwise caused relatively little
damage when it triggered worldwide Friday.

Hundreds of thousands of computers were believed to be infected, but
many companies and individuals had time to clean up their machines
this week after security vendors and media outlets warned of the "Kama
Sutra" worm.

"It's been pretty quiet," said Mikko Hypponen, chief research officer
for Finnish security company F-Secure Corp. "We know the word is out
there."

In Milan, Italy, technicians switched off 10,000 city government
computers after discovering the infection Thursday, when they had been
warned in various internet newsgroups, and deciding they didn't have
enough time to clean the machines before the worm would begin wreaking
havoc on Friday.

"It has spread to all our computers," said Giancarlo Martella, Milan's
councilman for technological innovation and public services. "Knowing
how destructive it is, we turned off all personal computers to avoid
losing our data."

Only the municipality's registry office had been kept open because its
"passive terminals" don't store data, Martella said, adding he hoped
the computers would return to normal by Monday.

Experts had warned earlier that the worm, also known as "CME-24,"
"BlackWorm," "Mywife.E," or various other pornographic names, could
corrupt documents using the most common file types, including ".doc,"
".pdf," and ".zip." The worm, nicknamed after the Hindu love manual
Kama Sutra because of the pornographic come-ons in e-mails spreading
it, affects most versions of Microsoft Corp.'s Windows operating
system, prompting the software giant to issue a warning Tuesday.

Although the worm tries to disable anti-virus software, vendors have
generally posted updates that should protect users. Assuming the
computer's internal clock is correct, users can also avoid the worm by
leaving their machines off until Saturday, although the worm is set to
trigger again on March 3, and on the third day of each month
thereafter.

Security vendors Trend Micro Inc. and CA Inc. both assessed the
overall risk and distribution as low. The worm wasn't expected to
spread any more quickly Friday. Rather, Friday was the first trigger
date for the file-destroying code.

"It's well past the deadline but we haven't confirmed any cases of the
Kama Sutra in Japan, which suggests we're not looking at a major
outbreak," said Itsuro Nishimoto, an executive at Tokyo-based computer
security company LAC Corp. "It has been Friday here for almost a day
already," he noted.

A manager at Hong Kong's official coordination center for computer
emergencies said he had not received any reports or calls for help
from those infected by the worm.

"It began spreading late last month but we haven't received any calls
in the past two weeks," Roy Ko said. "We don't expect to receive any
today, either."

Ajit Pillai, India's manager for U.S. security firm Watchguard
Technologies Inc., said about 10 percent of his customers in the
country had the worm, but they "followed the remedies and managed to
avoid any problem."

"We didn't have to do any firefighting today," Pillai said.

Unlike other worms generally designed to help spammers and hackers
carry out attacks, Kama Sutra could inflict more damage because it
sets out to destroy documents.

"This virus is nowhere near as widespread as some of the (recent
virus) cases," Hypponen said. "The reason it's talked about is because
it's more destructive."

He said damage is high among those hit, but many businesses should already
be protected by anti-virus software. Home users and smaller companies
without the latest software updates may be more vulnerable. But he
noted that pornographic stuff is so common on the internet that
people who were not familiar with the worm itself might not take any
special notice of it at first. He said that people who normally use
AOL or Yahoo -- two email systems with a very high volume of spam and
porn -- could either simply quit using those systems or monitor email
from those two very closely, and, in any event, should keep fresh
loads of anti-virus software on their machines.

Associated Press writers Ariel David in Rome, Sylvia Hui in Hong Kong
and S. Srinivasan in Bangalore, India, contributed to this report.

Copyright 2006 The Associated Press.
