New Kama Sutra Worm Corrupts Microsoft Documents


A new worm that already accounts for 1 in every 15 pieces of malicious code carries a "nuclear option" payload that corrupts data in a slew of popular file formats, a security company warned Friday.

The Nyxem.e worm, said Finnish security firm F-Secure, carries code that instructs it to replace data in files with .doc, .xls, .mdb, .mde, .ppt, .pps, .zip, .rar, .pdf, .psd, or .dmp extensions with the useless string "DATA Error [47 0F 94 93 F4 K5]" on the third of the month.

This list includes the native document formats for Microsoft Word, Excel, PowerPoint, and Access, as well as for Adobe PhotoShop and Acrobat.

Nyxem.e is similar to the VB.bi/Blackmal/MyWife.d worm that climbed the charts earlier this week, added F-Secure, which said that the new worm accounted for almost 7 percent of all intercepted viruses in the past 24 hours.

The worm arrives as an attachment to e-mail messages with a variety of subject headlines, many of which tout porn with phrases like "Arab sex," "give me a kiss," "Hot Movie," and "F***** Kama Sutra pics." It also tries to delete selected security software, and can spread through shared folders as well as by hijacking addresses from infected PCs.

F-Secure raised its alert level on Nyxem.e to "2," the first time the Helsinki-based anti-virus company has used that high a warning since December's Windows Metafile vulnerability broke into the news.