Security VARs Brace For Impact Of Kama Sutra Worm


The Kama Sutra worm--a.k.a. Nyxem, Black Worm and Mywife--is set to execute its malicious code on Friday. Security VARs aren't too concerned about the potential fallout but said it doesn't hurt to be prepared.

"Hopefully, nothing will happen, but we gear up for the calls we might get afterward," said Darrel Bowman, CEO of AppTech, a Tacoma, Wash.-based solution provider.

F-Secure, a Helsinki, Finland-based security company, estimated that nearly 300,000 computers worldwide have been infected with Kama Sutra. Since the virus executes based on an infected machine&'s clock, infected users with improper clock settings may have already felt its effects, F-Secure said.

Once a PC is infected with Kama Sutra, the worm is set to execute its code on the third of every month, at which time it deletes files such as .doc, .xls, .pdf and .ppt, as well as antivirus software. But security experts said Kama Sutra is more of a concern for broadband home users and small businesses, rather than large enterprises with IT support staffs that keep antivirus software up to date.

"There's still plenty of unprotected home users, but this virus isn't ground-breaking," said Andrew Lochart, senior director of marketing at Postini, a San Carlos, Calif.-based hosted e-mail security vendor.

The way Kama Sutra destroys files is what makes it dangerous, even though the worm hasn&'t come close to infecting the number of computers that the Sober worm did in December, according to Lochart. In the past 24 hours, Postini recorded 227,000 e-mails containing the Kama Sutra code and blocked them, whereas the Sober worm infected tens of millions of e-mails a day, he said.

"It's bad enough to get a virus like Sober that turns your PC into a zombie, but at least with that you can disinfect it," Lochart said.

VARs serving small businesses said these customers are notified of viruses and worms such as Kama Sutra, but not all clients take the proper measures to protect themselves by having the latest virus definitions in place for their antivirus software, said Gary Cannon, president of Advanced Internet Security, a Colorado Springs, Colo., security solution provider .

"We typically notify customers of the big ones. But every once in a while, someone doesn't have the updates,” Cannon said. “There's only so much we can do."