Return to My location's details | List All Locations

Share |

Prepare for the Black worm a.k.a. the Kama Sutra Worm

Question

Beware of W32.Blackmal (a.k.a The Black Worm or Kama Sutra Worm)

Answer

This question was answered on January 30, 2006. Much of the information contained herein may have changed since posting.


PC users are being urged to update their anti-virus software before February 3rd in an effort to protect against the mass mailing worm known as W32.blamal (or the Kama Sutra worm), which is written to attack machines on the 3rd day of every month.

Once a machine is infected, the payload will destroy all files with the following extensions:


*.doc (Microsoft Word)

*.xls (Microsoft Excel)

*.mdb (Microsoft Access)

*.mde (Microsoft Access)

*.ppt (Microsoft PowerPoint)

*.pps (Microsoft PowerPoint)

*.zip (Compressed files)

*.rar (Compressed files)

*.pdf (Adobe Portable Document Files)

*.psd (Adobe PhotoShop)

*.dmp (Windows Memory Dump files)

Note: The destroyed files have the following text:

DATA Error [47 0F 94 93 F4 F5]

The most likely way to get infected by this worm is to open an e-mail or instant messaging attachment that is infected with this self replicating worm.


The most common Subject lines include:

• *Hot Movie*

• A Great Video

• Fw:

• Fw: DSC-00465.jpg

• Fw: Funny :)

• Fw: Picturs

• Fw: Real show

• Fw: SeX.mpg

• Fw: Sexy

• Fwd: Crazy illegal Sex!

• Fwd: image.jpg

• Fwd: Photo

• give me a kiss

• Miss Lebanon 2006

• My photos

• Part 1 of 6 Video clipe

• Photos

• Re:

• School girl fantasies gone bad


Some of the common Message bodies include:

• Note: forwarded message attached. You Must View This Videoclip!

• >> forwarded message

• Re: Sex Video

• i just any one see my photos.

• It's Free :)

• The Best Videoclip Ever

• Hot XXX Yahoo Groups

• *uckin Kama Sutra pics

• ready to be *UCKED ;)

• forwarded message attached.

• VIDEOS! FREE! (US$ 0,00)

• What?

• i send the file.

• Helloi attached the details.

• Thank you

• the file i send the details

• hello,

• Please see the file.

• how are you?

• i send the details.


If you open the file attachments that accompany these messages, your security software is instantly comprimised and can no longer protect you!


Most anti-virus programs have had a virus definition for this threat since January 17th, so keep your security and anti-virus software up-to-date and run a full system scan before February 3rd just to play it safe.

Author

Posted by Chad of Data Doctors on January 30, 2006

Personal Services | Business Services | Radio Show | Free Help Center | Franchising | About Us | Sitemap

Business Network Solutions | Computer Data Recovery | Computer Franchises | Computer Hardware Repair | Computer Help | Computer Network Support | Computer Problems | Computer Repair | Computer Troubleshooting | Data Recovery | Data Recovery Service | Data Recovery Services | Disk Recovery | File Recovery | Wireless Networking Solutions