Kama Sutra Worm Could Make For A Bad Friday

mikey1134 writes "CNN is running a story about the Kama Sutra worm, a virus that is coded to overwrite files of the (potentially thousands of) infected computers. They provide some background on this viral outbreak and warn users to protect themselves" From the article: "And even for home computer users who have never taken such precautions before, security experts say now would be a good time to back up your most important data, like financial information and family photographs, to CDs, DVDs, zip drives, or an external hard drive that you know is worm and virus free. Unlike a lot of malware that exploits vulnerabilities in the Windows operating system, there is no 'patch' that can be downloaded to ward off Kama Sutra."

Many Aliases and More Info

[eldavojohn]

For references, these are the enumeration names and where to go to make sure you have the latest anti-virus signature [mitre.org]. Remember, this variant will uninstall and delete most anti-virus software so it's important to recognize it before it goes active tomorrow. Most virus definition software refers to it as CME-24. This is important since this worm has many different names including Nyxem.E, BlackWorm, Grew and Mywife.E.

More on the worm [sans.org] and its permutations and statistics on spreading.

A very detailed analysis [lurhq.com] with all types of files that may be affected.

And, if it's worth anything to you, the Microsoft advisory [microsoft.com] which seems to tout that Windows Live Safety Center Beta [live.com] can protect against it. If you're in charge of computer security at your workplace, I would send out an e-mail instructing everyone to verify that they have the correct anti-virus definitions and to scan their computers before leaving tonight. Luckily, that's not my job where I work.

Re:Many Aliases and More Info

[cinnamon colbert]

like totally unhelpfull..I didnot understand a word of your post or the links

Surely, there is a simple answer to this question:
if i scan my hardrive tonighte with avg or macafee or norton, am i protected ?
where do i download the patch ?

if not, this surely demonstrates that the protection companies aint worth a tinkers damm

Re:Many Aliases and More Info

[rkrabath]

>> if i scan my hardrive tonighte with avg or macafee or norton, am i protected ?

Possibly yes, but also possibly not. This virus wil disable many common AV programs. My reccomendation would be to use a specialized scanner such as the one from f-secure: http://www.f-secure.com/v-descs/nyxem_e.shtml [f-secure.com]. I just used that one myself.

Re:Many Aliases and More Info

[xeoron]

I would think one of the best solutions (along with backing things up) is to turn the system clock back a few days, until a proven removal tool can be used.

Re:Many Aliases and More Info

[Inda]

I know you're only trying to help but to answer the GP's post again.

Probably yes. That's a big 99.9% yes...

Yes, the Worm tries to delete anti-virus program files. Yes, tries to stop anti-virus software running at reboot. But if it's managed to do that, there's no way you're scanning your PC tonight anyway.

Update your definitions and scan now. Inform everyone you know not to open email attachments they weren't expecting.

Which brings me to another point: Do people really get hit with these anymore? It won't make it though all the major webmail services. You haven't been able to open *.PIF or *.SCR files in Outlook for years now. You almost have to go out of your way to get infected by email worms these days.

Don't get caught up in the media hype. This isn't another Blaster.

Re:Many Aliases and More Info

[j-cloth]

McAfee DATs 4642 [mcafee.com] and higher will catch it.

Re:Many Aliases and More Info

[Fishstick]

>where do i download the patch

You don't -- there isn't one. This does not exploit a vulnerability in the OS. It exploits a vulnerability in those willing to click email attachments.

Re:Many Aliases and More Info

[Anonymous Coward]

Surely, there is a simple answer to this question:
if i scan my hardrive tonighte with avg or macafee or norton, am i protected ?
where do i download the patch ?

I just emailed it to you. Click on the attachment to open it.

Re:Many Aliases and More Info

[Phillup]

You might be right... but he is representative of the average user.

So, while you scorn his 133t skillz... the point (which you missed) is legitimate.

Re:Many Aliases and More Info

[jericho4.0]

/. has changed markedly over the years, but still keeps it's technical orientation. This has become more obvious, IMO, since the emergence of digg.com, a site with lots of tech news, but very n00bish comments. How about we keep /. the way it is, instead of trying to dumb it down? The links provided contain lots of usefull info. You might not understand all of it, but you might learn something.

Re:Many Aliases and More Info

[hesiod]

> How about we keep /. the way it is, instead of trying to dumb it down?

Absolutely, and if you don't understand something, read the comments. Chances are pretty good someone else didn't understand either and asked. Or if that hasn't happened, post the question yourself. That's why the comments section is here!

Re:Many Aliases and More Info

[muszek]

[cut!] enumeration... [cut!] the latest anti-virus signature... [cut!] CME-24. ... [cut!] Nyxem.E, BlackWorm, Grew and Mywife.E.... [cut!] permutations ... [cut!] detailed analysis ... [cut!] advisory ... [cut!] Windows Live Safety Center Beta ... [cut!] security ... [cut!]

Nah, nobody needs that voodoo stuff. The virus only overwrites files of certain types. All you need to do is to turn off "show file extensions" option in Explorer to totally confuse the virus ;)

Sorry if I confused that option's name... I haven't touched a windows box in a while.

Re:Many Aliases and More Info

[muszek]

Mod +5 funny, he's being sarcastic people.

Last time I checked, I was not duped, thus I could only be a sarcastic person. But I wasn't sarcastic. There's a slight chance I could be wrong though - my grandmother just called me saying that she read my post and I could be wrong. She claims that my files haven't been overwritten only because the worm hasn't stroke yet. She also said that it's a scandal that her Ubuntu doesn't provide that ultimate security option.

Is this conversation actually happening?

[CrazedWalrus]

Hah!! *shakes head*

muszek: How long are you gonna lead this guy on? His sarcasm detector is clearly out to lunch.

Re:Many Aliases and More Info

[smeenz]

...so it's important to recognize it before it goes active tomorrow.

Timezones people... it was already 5 hours into "tomorrow" for New Zealand when you posted that message.

Apparently I'm not infected.. but then, I don't go around opening unsolicited attachments.

Re:Many Aliases and More Info

[smeenz]

//forgot to close italic tag

//even previewed it twice and didn't notice until after submitting.

Obligatory Kama Sutra Comment

[sumi-manga]

Better back up that pr0n too! :P

More Obligatory Kama Sutra Jokes

[fishdan]

So I guess Kama Sutra could put some IT professionals in some awkward positions

As long as you don't

[IAAP]

end up fucking yourself.

Re:Obligatory Kama Sutra Comment

[Firehed]

Hmm... the STD of the 21st century. Maybe that whole e-Darwinism will work out after all.

Your computer...

[bondsbw]

... really should have more flexible security.

Re:Your computer...

[TubeSteak]

There really is no reason to use the standard file names if you're just keeping the files within your system(s).

You can renamed ".doc" to any non-standard name and not have to worry about virii like this deleting them.

For a larger organization, it's just a matter of changing filenames, file associations and perhaps most importantly: make sure the icon transitions with the name change.

It might be a PITA, but there's nothing simpler than security through obscurity. Anything you do to change the behavior of th

Re:Your computer...

[TIMxPx]

This is slightly offtopic, but the plural of "virus" is "viruses". I wish it weren't, but there is no recorded instance of a Latin plural for "virus". "Virii" would be the plural of "virius", which isn't even a word. Just saying.

Re:Your computer...

[TubeSteak]

That's funny you bring up deadbolts.

I always lock both, just in case some asshat comes by and tries to jiggle the doorknob.

A lock is only going to keep an honest person honest.

Write-once backups

[truthsearch]

The best backups are those written to only once. Burn to a write-once only CD or DVD. Don't back up to an external hard disk. As soon as you plug it in anything can happen, either from Windows itself or from malicious software (redundant, I guess).

In the old days we backed up to tape and flipped a switch so the tape couldn't be overwritten. Today it's burn-once disks. Don't trust anything but physical protections from disk writes.

Re:Write-once backups

[TubeSteak]

In the old days, we etched our words into stone tablets for safe keeping..

A destructive virus was when a sick person would start coughing so hard that they'd break tablets by knocking them over.

The cost of physical media was high & the write speed was slow. Back then, we went to a lot more effort to make sure that our backups stayed safe.

Re:Write-once backups

[corbettw]

In the old days, we etched our words into stone tablets for safe keeping.

A destructive virus was when a sick person would start coughing so hard that they'd break tablets by knocking them over.

The cost of physical media was high & the write speed was slow. Back then, we went to a lot more effort to make sure that our backups stayed safe.

You forgot "And we were grateful!"

Re:Write-once backups

[Anonymous Coward]

I remember those days. There was this guy called Moses who had received some seriously important data on top of some mountain. He goes down the mountain, and he breaks the tablets. He didn't make backups, so he had to go back to his client and ask for a new copy of the data. Very embarrasing.

That should serve as a warning to everyone; always make backups. Especially with important clients like that.

Re:Write-once backups

[charlesnw]

You evidently don't have a lot of data to backup. My nightly backups are almost half a terabyte. If I didn't reuse media, I would have a very hard time getting my budget approved. Media isn't cheap. 100 tapes is $10,000.00. Write once is nice but doesn't work in real life. Unless you have small amounts of data that fit on one TAPE or DVD. And if you have to store your backups (we have to store offsite for 7 years) you would be paying 2 arms and 3 legs in storage and handling fees.

Then you have a bad setup

[truthsearch]

I've worked on large systems, including a multi-terabyte "data warehouse". No matter how big every system can get nightly incremental backups to save space. There is no way EVER you should be overwriting any previous backup. If you have that much data, and it's that valuable, you pay for whatever it takes to make every backup written once-only. Buy a set of drives or one drive with a large multi-disk feeder and pop in 100 7 Gb DVDs every night. Or better yet only do an incremental every night and a ful

Re:Then you have a bad setup

[MikeBabcock]

For liability reasons I recommend exactly the opposite. Always do backups to destroyable media. Do media descruction runs after specific periods (3 yrs, 5yrs, 7 yrs, whatever applies to the information in question) and keep the media safe in the mean time.

For nightly backups, much of that data is only valuable if one copy is available. Do a full backup cycle or two and then start overwriting media. No need for last month's data (except the "month-end" backup), its out of date now.

Re:Then you have a bad setup

[vinn01]

Always do backups to destroyable media.

All media is destroyable. There are shedders that can easily handle disk platters, CD-ROMs, DVDs, etc. The shedders are smaller versions of circuit board shedders that have been common to firms doing defense electronics since the 1950's.

Re:Then you have a bad setup

[operagost]

Maybe you haven't worked with companies having fewer than 100 billion dollars in assets; but I provide software and services to credit unions and I assure you, they cannot afford to use a SLDT 320 GB tape once and archive it forever. The monthlies are (if they follow our recommendations) put away indefinitely, but that's about it. There is a reason to reuse tapes, and it's called "practicality." They couldn't open their doors to teenagers and low-income families if they had to do what you demand.

Re:Write-once backups

[bored]

My nightly backups are almost half a terabyte..Media isn't cheap. 100 tapes is $10,000.00

What I was saying was that LTO-3 stores 400G uncompressed, the tapes are less than $70 and the drives are less than $2500. Sounds like its time for you to buy a new tape setup.

Re:Write-once backups

[raddan]

You can always unplug a removable hard drive.

Re:Write-once backups

[truthsearch]

And when it's time to restore something do you not plug it in? What's the point of writing to a disk you can never safely read from?

Your response is something one of my old PHBs would have said.

Re:Write-once backups

[Pope]

I'm sure the dyes involved are pretty specifically write-once, as there's a phase chage happening in the dye layer. If you had a laser strong enough the change that once written, chances are you'd destroy the thing first before even getting to flip the bits.

Re:Write-once backups

[SuiteSisterMary]

Not if you read the CD from a CD-ROM drive, rather than a CD-R or CD-RW drive.

Oh yes, this

[voice_of_all_reason]

This is the virus that MS has a patch from their fancy new Remote System Control program, right? Simply agree to download and blindly run any code they decide to send, let 'em take a peek at what you're running from time to time, and send regular status reports to the nice windows home base -- and then, we'll protect you from the nasty viruses!

And remember, kids... that's a nice computer. Would be a shame if something were to "happen" to it, you know what I mean?

Re:Oh yes, this

[jayhawk88]

And remember, kids... that's a nice computer. Would be a shame if something were to "happen" to it, you know what I mean?

I'm sorry, our records indicate that this joke was used no less than 17 times in yesterday's thread [slashdot.org] about this same topic. You are in violation of the Stale Internet Joke Act of 2004. Please refrain from any and all AYBABTU references and report to UseNet for remedial training immediately.

Oh leave off it

[Sycraft-fu]

There's no patch because it's not a vulnerability, it's a virus. The only thing you can patch is the users that still won't follow directions and not open executable attachments. The OS is working as intended when it executes code you ask it to, which is how this virus gets on.

This "OMG MS won't patch t3h systems!!!11" stuff on Slashdot is getting old. No, they won't patch it because there's nothing to patch. Duh. They have decided to add it to the malicious software tool, which is a mini virus scanner akin to Stinger from Mcaffee, which scans for a limited subset of viruses, but that's not a patch. Windows OneCare, which is NOT a remote control system by the way, does find it because, well, it's a virus scanner just like any other. It catches it just like AVG, F-Secure, Norton, and so on, which is to be expected as it's a competitor.

So let's leave off the bullshit ok? There are two easy methods to prevent this from hurting your system:

1) Don't run random programs that some with e-mails. If you use Outlook Express, it'll even tell you not to (twice).

2) Get a virus scanner. Doesn't need to be MS's, there are many good ones out there. I recommend AVG, it's fast and free.

Re:Oh leave off it

[sootman]

"Don't run random programs that some with e-mails. If you use Outlook Express, it'll even tell you not to (twice)."

Super. That will take care of it. </sarcasm>

I use OWA and this is next to every single attachment: "Attachments may contain viruses that are harmful to your computer." Gee, thanks. When users see that next to every single word doc, PDF, and JPEG they get on a daily basis, they start ignoring it. If everything is a threat, nothing is a threat.

Re:The OS is working as intended -- vulnerably

[Sycraft-fu]

They can't hide that they are apps. Windows will warn you that it's an app, and tell you not to run it. You don't need to run as an admin to run Windows. We have hundreds of computers in the department which users do not have admin access on. People run as admin because they are lazy. Besides, if your e-mail client saying "Warning, this could be a virus don't run it" and then your OS saying "Warning this oculd be a virus don't run it" isn't enough, changing the OK to a password field isn't going to do any g

Re:The OS is working as intended -- vulnerably

[drsmithy]

But appliations in emails should not be able to hide the fact that they are applications.

They can't. When you try and open attachments you get a dialog that tells you it's a bad idea and the default response set to "Don't Open". Applications should not be able to edit the registry without warning the user.

How is the OS supposed to tell the difference between a legitimate registry change and a malicious one ?

Users should not need to run as Administrator to make their computers work properly.

I agree. B

Re:Oh yes, this

[voice_of_all_reason]

I liked when I could go to Windows Update and choose which patches to install. Security Updates? Why yes, that sounds like a good idea. IE/WMP upgrades? Can't hurt. Whoa, what the hell is "automatic error reporting service?" I don't like the sound of that very much...

I recently had to format my hard drive and reinstall XP from a 1st-generation cd. When I tried to go to windows update, it demanded I upgrade both the Update program itself and set it to Automatic before it would allow me to get security pat

But but but we want a patch!!!

[Siberwulf]

"Unlike a lot of malware that exploits vulnerabilities in the Windows operating system, there is no 'patch' that can be downloaded to ward off Kama Sutra."

Half the articles i read yesterday about this said that the public was being screwed over becuase MS wouldn't release a patch.

The only patch for stupid is a swift boot in the ass.

Re:But but but we want a patch!!!

[plover]

Actually, this virus might BE the "patch" for stupidity.

"Hey, what happened to all my documents?"

"You opened a pr0n attachment in your email, you just got what you deserved."

"Boy, I'll never do that again!"

So, if these idiots are capable of any learning at all, this might work out to be a good learning experience for them. And if they're not, well, hey -- it's not my problem they're stupid.

Re:But but but we want a patch!!!

[diegocgteleline.es]

As far as I know, this is not a windows vulnerability. Users are just stupid and will open any executable with the word "kamasutra" in it. Make it a .desktop file and you have the equivalent linux virus...

Patch? How about a brain patch!

[Sporkinum]

Unlike a lot of malware that exploits vulnerabilities in the Windows operating system, there is no 'patch' that can be downloaded to ward off Kama Sutra.

How about a stupidty patch for opening up an attachment like the one described.

Re:Patch? How about a brain patch!

[toby34a]

I liked how in the article itself it said "There is no patch for user error." I call it removing their Banzai Buddy and smacking them upside the head with a keyboard.

Don't I wish

[Sycraft-fu]

Here's my idea:

We setup a room. The door to the room says, in every language "Danger! Do not enter". Inside they'll be a cage you need to open, again with keep out warnings. Inside the cage will be a button that says "Warning: Do not push the button, death will result!". If you push the button, you die. We come in once a week or so and clean out the body.

My guess is any person likely to push the button is also the kind that'll open random attachments despite being told not to by us, the OS, their virus scanner, etc.

Problem solved :D

Better yet...

[Anonymous Coward]

...transfer your important data to a new hard drive inside of a Mac.

i have a patch

[tehwebguy]

just turn your computer off before midnight, and leave it off until saturday.

Re:i have a patch

[xlyz]

you can do better:

turn you pc to an other os and leave it on tomorrow as well

Re:i have a patch

[The Good Reverend]

Right, because that's fantastic advice for the type of people who click on unknown attachments in their emails...

Congrats, you use Linux. It's be great if more people did, perhaps. But now you're just jerking yourself off, and it doesn't seem particularly helpful.

Zip drives?

[Dr. Sp0ng]

...to CDs, DVDs, zip drives, ...

What is this, 1996?

Strange...

[casualsax3]

Anyway I like how virus names are slowly getting edgier. Kama Sutra is a good one, but it'll be great fun when someone names a virus the Angry Dragon, Cleavland Steamer, or the Dirty Sanchez. I eagerly await the day when the words "Rusty Trombone hits America hard" grace CNN's frontpage :)

Even better

[databyss]

CasualSax's Rusty Trombone pounds the US in the IS.

Hmm

[voice_of_all_reason]

As bad as this day? http://images.amazon.com/images/P/0689711735.01._S CLZZZZZZZ_.jpg [amazon.com]

//mah favorite book

Clue About How To Detect Whether You're Infected

[Fleetie]

This URL would seem to provide some hints about how to check whether you're infected.
It mentions some registry keys that the worm sets up.

http://www.sophos.com/virusinfo/analyses/w32nyxemd .html [sophos.com]

Re:Clue About How To Detect Whether You're Infecte

[lostboy2]

F-Secure [f-secure.com] has details about this too.

Using the REG utility in WinXP or Win2K Resource Kit, it's not too hard to write a script to scan your PC's registries for this key. Something like

for /f %%i in (computerlist.txt) do (
echo %%i >>scanlist.txt
reg query \\%%i\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersi on\Run /s | find "ScanRegistry" >>scanlist.txt 2>&1
)

then look in scanlist.txt for any 'hits'.

Re:Clue About How To Detect Whether You're Infecte

[zippthorne]

Wait.. How long as windows done bash scripts?

Re:

[account_deleted]

Comment removed based on user account deletion

Re:Clue About How To Detect Whether You're Infecte

[HogGeek]

You SOB!

My linux system just rebooted....

*We* may not need to worry...

[Robotech_Master]

After checking up on the virus through some of the links in the article...frankly, I would be surprised if most readers of Slashdot were affected. I thnk most Slashdotters are way too smart to engage in the sort of behavior (opening suspicious email attachments) that is necessary to allow infection.

I feel sorry for all the people who aren't, though.

Go Ask Alice

[RobertB-DC]

From TFA:
"So while you might think it is coming from cousin Alice, most likely cousin Alice is not going to send you something that says 'Hey look at these pictures with naked people.' So that should be your first clue that a virus is propagating and you'd be well served to call cousin Alice to let her know that she is [unknowingly] sending out this type of e-mail," Sergile said.

Mr. Sergile, you obviously haven't met my cousin Alice [alicecooper.com].

Re:Go Ask Alice

[Kiaser Zohsay]

The really sad part is that it probably wasn't even cousin Alice who sent it, it was someone else who had both you and cousin Alice in their address book.

It could be worse. Alice could be your dad [visit4info.com].

Searches Network Shares

[ObsessiveMathsFreak]

This one will be more damaging than people think.

A lot of SMEs uses unsecured and passwordless network shares for sharing company data. Data that is stored in, you guessed it, *.doc *.xls, etc, etc files. This virus looks for shared drives such as this and will corrupt the files on them tomorrow.

If only one PC in the company is effected, I can see a whole lot of sore heads tomorrow at lunchtime.

I guess I should have paid more attention to this one.

Re:Searches Network Shares

[Feebleminded_Genius]

Agreed. I've been chasing this down on our corporate network all week.

I installed this virus on a test network last night. It was ugly to say the least. The test network was comprised of 5 clients, 1 DC, and 1 file server. When I ran the email attachment on a client, it immediately froze, consistent with the description on F-Secure. Upon rebooting with monitoring on, it launched numerous processes, and disabled Symantec immediately. Within 4 hours it had infected the other 4 clients & the file server.

We then flipped the switch on the DC & set the date to 2/3/06. Update.exe launched half an hour after login, and within 4 hours all .docs, .xls, .mdb files etc were corrupt on the local machines and the file servers.

Note that this test was performed with out-of-date virus defs as a test.

Here's an idea for those in a corporate environment. Create a software restriction policy for the executables associated with the virus:
%systemroot%\system32\scanregw.exe
%systemroot%\system32\update.exe
winzip quick pick.exe
winzip_tmp.exe

We did this in our test environment and it halted the virus completely.

patching user ignorance

[gnujoshua]

"Unfortunately, there is no way to patch user ignorance, and the way this virus propagates is through user ignorance,"

Isn't the purpose of this article to patch user ignorance?

If I were more creative, and funnier, I would come up with many witty and similar analogies to the phrase "patching user ignorance." :-)

Anyone else calling in sick tomorrow?

[digitaldc]

I feel a sudden illness coming on, could be a virus.

Re:Anyone else calling in sick tomorrow?

[gbrandt]

It's worms.

CME-24 aliases, information, and removal tools

[Futurepower(R)]

Here's how to know the difference between a money-making press release, and an honest story: The press release says "Fear, fear, fear!!!"

The honest story gives you links to tools for eliminating the threat: You can run this tool: W32.Blackmal@mm Removal Tool [symantec.com], which apparently removes all variants of the worm.

Here are manual instructions: WORM_GREW.A, Also known as: CME-24 [trendmicro.com]

Here is the list of names of the CME-24 worm, and links to removal methods: CME-24 aliases, information, and removal tools [mitre.org].

Ok guys, seriously there's an easy answer.

[jonfields]

Step 1: Go into Date and Time properties Step 2: Click on Internet Time tab Step 3: Uncheck Automatically Synchronize Step 4: Click on Date & Time tab Step 5: Change the date to the 4th (saturday) Step 6: Click OK Step 7: Wait until it really is saturday and turn automatically synchronize back on. I'd reccomend this for everyone, whether you think you have it or not, just to be on the safe side.

Re:Ok guys, seriously there's an easy answer.

[Linker3000]

That's right - and all our medical notes,, drug dispensing and consultation histories will have the wrong date which will cause absolute chaos!

Clamav

[Ween]

I have tried to find out if clamav will detect this virus with no positive results. Does anyone know the status?

Re:Clamav

[ronaldb64]

"Clams have Anti-Virus software!!!!"

The Kama Sutra

[Randall311]

"There is no 'patch' that can be downloaded to ward off Kama Sutra."

That's right. Once you get the Kama Sutra, you're fucked!

Oh this should be interesting

[kilodelta]

Our users have had it pounded into their heads never to open attachments on messages with odd subjects.

But I'm just waiting to see who the pervs are. This should be interesting when someone comes to me and says their files have been deleted. Hmmmm.. and what were you trying to look at.

Turn back the clock

[RyoShin]

The article states that the virus executes on the third of this month (tomorrow.)

Why not just wind back the clock?

I'm serious. I've fooled many a shareware program that locks the program after x days by setting the date back to when I first installed it (or even earlier, which makes for some funny notices.)

Unless the Kama Sutra virus is programmed in such a way as to store the date and time installed, and then keep track of every (milli)second that's past, and execute once enough seconds have passed to put

Am I safe?

[Arandir]

I'm using FreeBSD, am I safe? I think I am, but with all the panic swirling around over this issue, I'm not sure. Some guy just ran past my cubicle screaming, "no one is safe!"

Re:Will be a good thing

[LokiSteve]

Like they learned from Happy99?

Keep in mind all of those Dells that ship with time limited anti virus trial software. Even if people know they need virus protection, they may not know that it's expired.

Re:Will be a good thing

[charlesnw]

I'm sorry? It won't be super destructive? May I ask what you define as a super destructive virus? Overwrting the contents of all MS Office documents (not just deleting them) is extremly devestating. Even with backups the time it would take to restore the files would be a lot of downtime. Then you look at all the people who don't have backups. People and businessess. That could result in serious economic damage as companies are forced to re create there entire business. Was your post meant as a joke or...? Y

Re:Will be a good thing

[meringuoid]

I'm sorry? It won't be super destructive? May I ask what you define as a super destructive virus? Overwrting the contents of all MS Office documents (not just deleting them) is extremly devestating.

Sure. But I reckon gradually corrupting small parts of them is still worse. You might only realise you were infected months later, when the quarterly financial figures come out totally whacked, and you'll spend the rest of forever in the company of accountants and auditors trying to track down the correct figures.

Fragging out a file all at once? Then the victim realises something's up, gets the machine fixed, loses some work. Imperceptibly corrupting the file? Victim keeps spreading the virus, and every version of every file he works on is suddenly untrustworthy...

Re:No patch!!!! WTF

[PhilHibbs]

You mean this [72.14.203.104]? The text says it was manslaughter, which is fair enough, and that it was overturned, or did you mean a different case?

Re:No patch!!!! WTF

[SCHecklerX]

It's not really a worm. What, exactly, is microsoft supposed to patch?

Re:No patch!!!! WTF

[LurkerXXX]

It's not really a worm. What, exactly, is microsoft supposed to patch?

Anyone infected is supposed to download a revolver and shoot themselves in the head for being stupid enough to open an unknown attachment.

Re:No patch!!!! WTF

[InsaneGeek]

I wouldn't call it a Microsoft insecurity issue, but a stupid user issue. The user has to install it for it to work, the user actually has to be involved and allow it onto their box. The same type issue can be had for a Linux box and you don't even have to be a root user to be affected; someone emails you unknown app and like these windows dumbasses you run it can wack all of the Openoffice documents you have been using to write your disertation for the past year is gone.

A stupid user is stupid user, the article summed it pretty well: "Unfortunately, there is no way to patch user ignorance, and the way this virus propagates is through user ignorance,"

Re:No patch!!!! WTF

[maxwell demon]

A stupid user is stupid user, the article summed it pretty well: "Unfortunately, there is no way to patch user ignorance, and the way this virus propagates is through user ignorance,"

Actually there is a patch for user ignorance. It's called user education. The problem, of course, is that ignorant users are usually also ignorant on their own ignorance, and therefore don't apply this patch.

Re:No patch!!!! WTF

[advocate_one]

you really, really have to work at it to fuck up a Linux box... with windows, just going online can be enough...

Re:No patch!!!! WTF

[Fishstick]

Try and get your knee to settle down and RTFA

Unlike a lot of malware that exploits vulnerabilities in the Windows operating system, there is no "patch" that can be downloaded to ward off Kama Sutra.

"This is something that is not inherent in the operating system," Sergile said.

"Unfortunately, there is no way to patch user ignorance, and the way this virus propagates is through user ignorance," he said.

I like to jump all over Microsoft for their lax security and gaping vulnerabilites as the next guy, but this

Re:No patch!!!! WTF

[pe1chl]

This is of course not true. It is quite possible to protect your systems against worms and other mishaps like this.

Learn a bit about security and limited user accounts. Make sure that normal users cannot write to directories like %programfiles%, %system% and %windir%. Don't allow users to work as administrator.

Install a service like TrustNoExe. Set it up so that executable programs are only allowed in %programfiles% and %windir% (and other directories that normal users cannot write, and that you use to

Re:Great reporting, CNN

[HaydnH]

"As much as I appreciate the warning, hints on HOW to know if you're infected would have certainly helped."

As much as I appreciate your comment, hints on HOW to know if you're infected would have certainly helped.

So I don't get the same response to this comment, here's some links to Nyxem/Karma Sutra/MyWife (Whatever you wanna call it) removal:

- Symantec [symantec.com]
- McAffee [nai.com]

Haydn.

Re:God your stupid

[BoRegardless]

And I quote "God your stupid".

I rest the case defined in the message heading as a case of Slashdot user self-flagellation, which is not a part of the Karma Sutra.

Re:Dupe??

[halltk1983]

This is because, while it may have been posted before, this is very helpful for some of us who are looking for resources to make sure we are covered in the last day before the attack. If it wasn't for the links I got off slashdot, I couldn't get my PHB's to approve my time to verify everything. Thus, an article is not a "dupe" if it is still useful. Hence, your complaints are offtopic.

As was this.

Re:SAMBA shares affected?

[NetCow]

It will most certainly affect any writeable permanent redirected shares, AKA mapped drives, since the whole point of mapped drives is to create something that looks like a regular local storage volume.
It will *probably* walk the local network and affect nay shares it can access.
But - why take the chance? Always assume it will affect anything it could possibly write to.

Re:Best explanation ever:

[Ithika]

I'm curious. If the "head of Macintosh products at Symantec" says that OS X hasn't had any viruses... what does he do? Why do they sell Macintosh AV software?

Do people pay for "peace of mind", and regularly download completely empty virus definition files? ;) I'm sure people would buy it if they did, but I'm assuming they do other things as well.

Re:Best explanation ever:

[nolife]

but Macs have been impervious to every big, newsworthy Windows virus in the past five years.


Well no shit. My Ford has been impervious to every big, newsworthy Chevy recall in the past years.

Re:Mainstream media are catching on...

[Overly Critical Guy]

This isn't off-topic; it's an important distinction that should be encouraged. CBS News went so far as to not only characterize the worm as a Windows-only worm, but also mention that Macs were unaffected.

People need to be told that it's not a "computer virus," it's a Windows virus.

Re:Did we just slashdot AntiVir updater ?

[n54]

Lol I think we did but just try again: it updated now (at least in Europe).