LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Security page

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Looking forward to Kama Sutra

[Posted February 1, 2006 by corbet]

Your editor recently found a bit of security advice in his mailbox:

A calm, reasoned, policy-based approach that covers all possible threats is what is needed to ensure that a company's corporate servers and workstations are protected.

This advice showed up in a message with a subject line reading "IMAGE YOUR SYSTEM NOW BEFORE THE KAMA SUTRA WORM HITS." It's a good thing these folks (a company called Acronis, which will happily sell you the tools to "image your system") are so calm and reasoned; it might not be fun to be around if they were to go into a panic.

Linux users, of course, remain blissfully unaware of the "Kama Sutra" worm (or "BlackWorm"). At most, it manifests itself as a couple of "give me a kiss" emails which SpamAssassin quickly learns to kiss off by itself. Those who work with Windows, however, may well find themselves more aware of this worm in the near future.

Kama Sutra/BlackWorm, like so many others, spreads via email attachments. It does have a couple of interesting features, however. One is that it goes out of its way to disable antivirus systems on infected systems, making those systems susceptible to other bits of roving malware which might wander by. And, on February 3, it will attempt to destroy files on infected systems. Anybody who is not aware of being infected is likely to find out fairly abruptly at that point.

Estimates of the number of infected systems run as high as 600,000 as of January 31. Most of those systems are in the U.S., India, and, interestingly, Peru; see this page for details. If you would like more information on this worm, including Snort signatures for blocking it, see the ISC BlackWorm page. And, for now, be glad you are running Linux.

(Log in to post comments)

Looking forward to Kama Sutra

Posted Feb 2, 2006 12:14 UTC (Thu) by samj (subscriber, #7135) [Link]

These viruses go to so much effort when they could just write some bytes at the start of the disk and get it all over with. I wonder whether things would be different if someone had done this years ago - maybe people would have woken up and actually cared about security.

We're all going to look back at this time and laugh one day. It'd be like being able to go back to the early days of currency with a $50 inkjet.

Looking forward to Kama Sutra

Posted Feb 3, 2006 3:38 UTC (Fri) by zblaxell (subscriber, #26385) [Link]

Most anti-virus software frowns on attempts to write the boot sector directly. Viruses that call attention to themselves early don't propagate.

Viruses that slowly damage data--ideally slowly enough to consume a full set of backup tape rotations without being noticed--are the most destructive of all.

Copyright © 2006, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds