
FAQ: The Kama Sutra worm

What you need to know about the virus, which is set to delete files on Feb. 3.

Robert Vamosi Former Editor
A computer worm is set to damage computer systems, starting midnight local time on Feb. 3.

There has been a lot of confusion surrounding this worm, especially because media organizations and antivirus vendors haven't decided on a common name. CNET has settled upon Kama Sutra. Its other aliases include CME-24 (US-CERT), MyWife (McAfee), Tearec (Panda), Nyxem (Sophos), Blackmal (Symantec, Computer Associates, Vet), and Grew (Trend Micro).

Why should I be worried?
Kama Sutra contains a dangerous payload. On the third day of the month, it will overwrite certain files with an error message: "DATA Error [47 0F 94 93 F4 K5]." It is programmed to affect all files with the extensions .doc, .xls, .mde, .mdb, .ppt, .pps, .rar, .pdf, .psd, .dmp and .zip. These files--which include the default file formats for Microsoft Office and Adobe Acrobat applications--cannot be restored once they are damaged.
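
The payload described above suggests a simple damage check after the trigger date. The Python below is an added example, not from the article or any antivirus vendor: it walks a folder, picks out files with the listed extensions and flags those whose content begins with the quoted error message. It assumes the message sits at the start of an overwritten file exactly as quoted; the function names and sample files are constructed for illustration.

```python
from pathlib import Path
import tempfile

# Extensions and message text as quoted in the article.
TARGET_EXTS = {".doc", ".xls", ".mde", ".mdb", ".ppt", ".pps",
               ".rar", ".pdf", ".psd", ".dmp", ".zip"}
MARKER = b"DATA Error [47 0F 94 93 F4 K5]"


def classify(path):
    """Return 'not-targeted', 'overwritten', 'intact' or 'unreadable'."""
    if Path(path).suffix.lower() not in TARGET_EXTS:
        return "not-targeted"
    try:
        with open(path, "rb") as fh:
            head = fh.read(len(MARKER))
    except OSError:
        return "unreadable"
    # Assumption: an overwritten file begins with the message text.
    return "overwritten" if head.startswith(MARKER) else "intact"


def triage(root):
    """Walk root and group files with targeted extensions by state."""
    report = {"overwritten": [], "intact": [], "unreadable": []}
    for path in sorted(Path(root).rglob("*")):
        state = classify(path) if path.is_file() else "not-targeted"
        if state != "not-targeted":
            report[state].append(path.relative_to(root).as_posix())
    return report


def demo():
    with tempfile.TemporaryDirectory() as root:
        samples = {  # constructed sample tree, not real user data
            "budget.XLS": MARKER,                    # damaged
            "report.doc": b"\xd0\xcf\x11\xe0 body",  # intact
            "notes.txt": MARKER,                     # extension not targeted
            "sub/scan.pdf": b"%PDF-1.4\n",           # intact, nested folder
        }
        for rel, data in samples.items():
            full = Path(root, rel)
            full.parent.mkdir(parents=True, exist_ok=True)
            full.write_bytes(data)
        return triage(root)


if __name__ == "__main__":
    print(demo())
```

Files reported as intact are the ones worth copying to offline backup before the third of the month; files reported as overwritten have to come from an earlier backup.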

Has it spread worldwide?
Security vendor Lurhq has metrics on the spread of Kama Sutra in specific countries through Jan. 26. The data suggests that India, Peru, Italy and Turkey are the most vulnerable to Kama Sutra. On Thursday, however, antivirus vendor F-Secure posted data suggesting that the United States and Europe may be equally vulnerable.

Who's at risk?
Kama Sutra affects all versions of Microsoft Windows. It does not affect users of Mac OS, Linux or Unix.

How does it infect?
Windows users who receive sexually suggestive e-mail and proceed to open the attached file may find their systems infected with Kama Sutra. Unlike some e-mail worms, Kama Sutra will not automatically spawn; people must open the file first.

CNET Virus Threat Meter
Despite the danger presented by Kama Sutra, infection rates remain relatively low worldwide. Therefore, we are keeping the Threat Meter on "low" for the time being.

Prevention and cure
Read CNET Reviews' prevention and cure alert for links to specific antivirus vendors. For a more comprehensive analysis, see the page posted at Sans.org.