Your editor recently found a bit of security advice in his mailbox:
A calm, reasoned, policy-based approach that covers all possible
threats is what is needed to ensure that a company's corporate
servers and workstations are protected.
This advice showed up in a message with a
subject line reading "IMAGE
YOUR SYSTEM NOW BEFORE THE KAMA SUTRA WORM HITS." It's a good thing these
folks (a company called Acronis, which will happily sell you the tools to
"image your system") are so calm and reasoned; it might not be fun to be
they were to go into a panic.
Linux users, of course, remain blissfully unaware of the "Kama Sutra" worm
(or "BlackWorm"). At most, it manifests itself as a couple of "give me a
kiss" emails which SpamAssassin quickly learns to kiss off by itself.
Those who work with Windows, however, may well find themselves more aware
of this worm in the near future.
Kama Sutra/BlackWorm, like so many others, spreads via email attachments.
have a couple of interesting features, however. One is that it goes out of
its way to disable antivirus systems on infected systems, making those
systems susceptible to other bits of roving malware which might wander by.
And, on February 3, it will attempt to destroy files on infected
systems. Anybody who is not aware of being infected is likely to find out
fairly abruptly at that point.
Estimates of the number of infected systems run as high as 600,000 as of
January 31. Most of those systems are in the U.S., India, and,
interestingly, Peru; see this page for
details. If you would like more information on this worm, including Snort
signatures for blocking it, see the ISC BlackWorm
page. And, for now, be glad you are running Linux.
to post comments)