Microsoft Says Kama Sutra Overblown

Printer-friendly version Email this CRN article

As users and security firms reported little damage done by the Kama Sutra worm, a manager of Microsoft's anti-virus development team warned that overhyping threats could lead to a "cry wolf" syndrome where future alerts aren't taken seriously.

"Too much hype in situations that end in false alarms ends up diluting the meaning of warnings for true worldwide threats," wrote Matt Braverman, a program manager with Microsoft's anti-malware team, on the group's blog.

In particular, Braverman criticized those who called out warnings based on a Web counter that, though initially reporting the number of Kama Sutra infections accurately, was manipulated later in the process to claim millions of machines had been compromised.

Actually, most security firms quickly discounted the wild increase in the count and acknowledged that it was being artificially run up. In fact, the most accurate estimate made by CAIDA (Cooperative Association for Internet Data Analysis) only claimed between 469,000 and 947,000 PCs were infected with the worm worldwide.

Braverman's comments were in sync with earlier positions taken by Microsoft on the worm. In late January, for instance, the company downplayed Kama Sutra, and said an out-of-cycle update to its Windows Malicious Software Removal Tool was not in the works.

Reports of damage done by the worm -- which on Friday, Feb. 3 began overwriting Microsoft Office and Adobe Photoshop files -- came in slowly Monday. An Indian anti-virus company was one of the few that reported large numbers of users with corrupted files -- 230 to 250 total in India -- but most tallied far fewer reports. Microsoft, for example, said its free support line (866-PCSAFETY) had taken "low call volumes," with most of those calls coming from worried users, not ones with infected systems.

Total damage will probably remain a mystery.

"Much as it is near impossible to characterize the spread of most other email worms, it is impossible to catalog the damage caused by Nyxem," the CAIDA authors wrote.

"File deletion is generally not an externally visible operation, and given the choice, large organizations generally avoid the potentially devastating damage to reputation (not to mention significant monetary losses) that comes with disclosing such a loss. On the other end of the spectrum, losing files can be devastating for home and small-business owners, but the scale of the losses is not considered newsworthy."
