Prepare for the Black worm a.k.a. the Kama Sutra Worm

Question

Beware of W32.Blackmal (a.k.a. The Black Worm or Kama Sutra Worm)

Answer

This question was answered on January 30, 2006. Much of the information contained herein may have changed since posting.


PC users are being urged to update their anti-virus software before February 3rd to protect against the mass-mailing worm known as W32.Blackmal (or the Kama Sutra worm), which is written to attack machines on the 3rd day of every month.

Once a machine is infected, the payload will destroy all files with the following extensions:


*.doc (Microsoft Word)

*.xls (Microsoft Excel)

*.mdb (Microsoft Access)

*.mde (Microsoft Access)

*.ppt (Microsoft PowerPoint)

*.pps (Microsoft PowerPoint)

*.zip (Compressed files)

*.rar (Compressed files)

*.pdf (Adobe Portable Document Files)

*.psd (Adobe PhotoShop)

*.dmp (Windows Memory Dump files)

Note: The destroyed files have the following text:

DATA Error [47 0F 94 93 F4 F5]
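The extension list and marker text above are enough to assess damage on a disk or file share after the trigger date. The following is an added example, not part of the original answer: it walks a directory tree and reports which files with a targeted extension already contain the marker. The function names, the sample files, and the assumption that the marker appears within the first 256 bytes of an overwritten file are illustrative.

```python
import os
import tempfile

# Extensions the page lists as destroyed by the payload.
TARGET_EXTS = {".doc", ".xls", ".mdb", ".mde", ".ppt", ".pps",
               ".zip", ".rar", ".pdf", ".psd", ".dmp"}
MARKER = b"DATA Error [47 0F 94 93 F4 F5]"  # text the page says is left behind
PREFIX_BYTES = 256  # assumption: the marker sits at or near the file start


def classify(path):
    """Return 'overwritten', 'intact' or 'unreadable' for one file."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(PREFIX_BYTES)
    except OSError:
        return "unreadable"
    return "overwritten" if MARKER in head else "intact"


def scan(root):
    """Walk root and bucket every file that has a targeted extension."""
    report = {"overwritten": [], "intact": [], "unreadable": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if os.path.splitext(name)[1].lower() in TARGET_EXTS:
                full = os.path.join(dirpath, name)
                report[classify(full)].append(os.path.relpath(full, root))
    return {state: sorted(paths) for state, paths in report.items()}


def demo():
    """Scan a constructed sample tree (file names and contents are made up)."""
    samples = {
        "budget.XLS": MARKER,                      # overwritten, upper-case ext
        "notes.doc": b"\xd0\xcf\x11\xe0 sample",   # ordinary content
        os.path.join("sub", "old.zip"): MARKER + b"\r\n",
        "readme.txt": MARKER,                      # extension not targeted
    }
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "sub"))
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        return scan(root)


if __name__ == "__main__":
    print(demo())
```

Files reported as intact are the ones worth backing up first; files reported as overwritten need to be restored from a backup taken before the trigger date.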

The most likely way to get infected by this worm is to open an infected e-mail or instant-messaging attachment, which is how this self-replicating worm spreads.


The most common Subject lines include:

• *Hot Movie*

• A Great Video

• Fw:

• Fw: DSC-00465.jpg

• Fw: Funny :)

• Fw: Picturs

• Fw: Real show

• Fw: SeX.mpg

• Fw: Sexy

• Fwd: Crazy illegal Sex!

• Fwd: image.jpg

• Fwd: Photo

• give me a kiss

• Miss Lebanon 2006

• My photos

• Part 1 of 6 Video clipe

• Photos

• Re:

• School girl fantasies gone bad


Some of the common Message bodies include:

• Note: forwarded message attached You Must View This Videoclip!

• >> forwarded message

• Re: Sex Video

• i just any one see my photos

• It's Free :)

• The Best Videoclip Ever

• Hot XXX Yahoo Groups

• *uckin Kama Sutra pics

• ready to be *UCKED ;)

• forwarded message attached

• VIDEOS! FREE! (US$ 0,00)

• What?

• i send the file

• Helloi attached the details

• Thank you

• the file i send the details

• hello,

• Please see the file

• how are you?

• i send the details.


If you open the file attachments that accompany these messages, your security software is instantly compromised and can no longer protect you!


Most anti-virus programs have had a virus definition for this threat since January 17th, so keep your security and anti-virus software up-to-date and run a full system scan before February 3rd just to play it safe.


Author

Posted by Chad of Data Doctors on January 30, 2006