Companies and individuals heeded this week’s warning – some may call it “hype” – about a file-destroying computer worm known as “Kama Sutra,” helping minimize its damage Friday, security experts said.
One Italian city shut down its computers as a precaution, but otherwise the worm’s trigger date arrived with relatively few reports of problems.
For days, experts warned that the worm could corrupt documents using the most common file types, including “.doc,” “.pdf,” and “.zip.” It affects most versions of Microsoft Corp.’s Windows operating system, prompting the software giant to issue a warning on Tuesday.
Hundreds of thousands of computers were believed to be infected, but security vendors say many companies and individuals had time to clean up their machines following the alarm.
“Certainly, right now, we and our anti-virus partners are not seeing a widespread impact of this attack,” said Stephen Toulouse, a Microsoft security program manager.
For Milan, Italy, though, the discovery came too late. Technicians switched off 10,000 city government computers after discovering the infection Thursday and deciding they didn’t have enough time to clean the machines.
“It has spread to all our computers,” said Giancarlo Martella, Milan’s councilman for technological innovation and public services. “Knowing how destructive it is, we turned off all personal computers to avoid losing our data.”
Only the municipality’s registry office had been kept open because its passive terminals don’t store data, Martella said, adding that he hoped the computers would return to normal by Monday.
Unlike other worms generally designed to help spammers and hackers carry out attacks, Kama Sutra sets out to destroy documents by overwriting data.
The worm – called CME-24 but nicknamed after the Hindu love manual Kama Sutra because of the pornographic come-ons in e-mails spreading it – also tries to disable anti-virus software, but vendors have generally posted updates to protect users.
Assuming the computer’s calendar settings are correct, users can also avoid the worm by leaving their machines off until Saturday, although the worm is set to trigger again March 3.
Security vendors Trend Micro Inc. and CA Inc. both assessed the overall risk and distribution as low. The worm wasn’t designed to spread any more quickly Friday. Rather, Friday was the first trigger date for the file-destroying code.
Talk to us
> Give us your news tips.
> Send us a letter to the editor.
> More Herald contact information.