Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Worms Security

Kama Sutra Worm Hits Softly 175

An anonymous reader writes "Despite warnings of the danger posed by the Kama Sutra worm, ZDNet is reporting that things haven't been nearly as bad as expected." From the article: "There have been 'no reports of any (Kama Sutra) detonations so far. Also, the virus seems to be dropping in e-mail prevalence. It was down to second place yesterday, according to our monitoring stations, and slid again into third place today,' Paul Ducklin, head of technology at Sophos Asia-Pacific, told ZDNet Australia. The worm's ranking was overtaken by MyDoom and Netsky variants, which have been around for a number of years. "
This discussion has been archived. No new comments can be posted.

Kama Sutra Worm Hits Softly

Comments Filter:
  • by JustASlashDotGuy ( 905444 ) on Friday February 03, 2006 @03:35PM (#14637477)
    It sounds like the news over hyped a story for no reason. Say it ain't so!
    • Sorry, it IS so. The media uses end-of-the-world headlines because it gets people riled up and excited, and this news about the Kama Sutra worm falls into that category...
      • Sorry, it IS so. The media uses end-of-the-world headlines because it gets people riled up and excited, and this news about the Kama Sutra worm falls into that category...

        Yeah, and the assocation Kama Sutra == faboulus sex in various positions fit for those training gymnastics since age five.

        • "Kama Sutra == faboulus sex in various positions fit for those training gymnastics since age five."

          * At least 18 - 5 = 13 years of training required by U.S. law.
          • Funny, but a nit-pick, if I may...

            * At least 18 - 5 = 13 years of training required by U.S. law.

            take a look a this: http://www.avert.org/aofconsent.htm [avert.org]

            the age of consent in the US differs from state to state, 18 in (quick count) only 13 states (most 16, 17)

            and the US State with the lowest AoC goes to... (drumroll)

            South Carolina @ 14!

            They should adopt "Lowest age of consent law in the union!" as their new state motto and put it on license plates.
            • Ok, I screwed up (no pun intended)

              The great states of Iowa an Misouri also have 14, and where there are two different numbers for the same state it means

              the law within that country or state varies according to region or circumstances.

              So, I'm guessing 14 is legal if you are married (preferrably to a close relative), ;-)
            • In South Carolina, and this isn't actually a joke, the age of consent is fourteen...with your parents permission.

              It's 18 otherwise. Made for many many "Do you have a note from your parents?" jokes when I was in high school.
            • Before you get too excited about low ages of consent -- you can STILL be charged with "corruption of a minor," "exposure to a minor" and similar crimes for having relations with someone under 18. If the parents, cops, DA or whoever wants to get you, they CAN get you and put you on a sex offender list for the rest of your life.
            • South Carolina @ 14!

              They should adopt "Lowest age of consent law in the union!" as their new state motto and put it on license plates.


              ... except a lot of people might object to the term "union" in SC :)
      • Yeah, they had a field day with this one. Some brilliant wag said "hey, end of the world headline *and* a sexual conotation on the name!" Pure gold...

        People ate it up though. I received no less then three articles from my boss on this "impending doom".

        But the fact that it depended on user stupidity and not a hole or exploit had me calm over this. Not to say that some of our users aren't a bit clueless, it's just that they value their jobs enough to avoid emails that offer them "free nekkid pics".
    • by whoever57 ( 658626 ) on Friday February 03, 2006 @03:42PM (#14637534) Journal
      It sounds like the news over hyped a story for no reason. Say it ain't so!
      Oh, there is a reason alright. Think how many extra subscriptions of Norton, McAfee, etc. were sold in the last couple of days.
    • by Pantero Blanco ( 792776 ) on Friday February 03, 2006 @03:45PM (#14637560)
      Possibly, the reason it didn't hit so hard was the fact that it was so hyped.

      If someone warns me that I'm about to get hit by a car, and I move and avoid being hit, I wouldn't say that there was nothing to be worried about.
      • Hwy.. nothing wrong with over-hyping something like this. Your right in your analogy. Anyone remember the panic of y2k ? A lot of work because of some liitle numbers that were hyped. I bellives that for the most part that the lights would go out for a while. Maybe a couple of stock markets migbht not open for a few days. Who knows... But no fallign planes or anything so fun.. but thanx for the warnings.. I can feel safe knowing my remote is y2k compliant... ;)
    • My mail system filters tens of thousands of messages per day, for various businesses and it hasn't logged a single one of those viruses. So, as far as I'm concerned, the whole thing is much ado about nothing...
    • by guildsolutions ( 707603 ) on Friday February 03, 2006 @04:11PM (#14637686)
      I really think that people are becoming more and more prepared for viruses, I would also venture to say that more and more people are running virus scanners and more and more isps are filtering the content of the emails and other methods of transmissions.

      Overreaction? Maybe, but definitly better than underreaction.
    • Hey, at least they made me do my backup on schedule. This does not happen often, you know.
    • Sexbomb, sexbomb!

      I'm your main target, come and help me ignite.
      Make me explode although you know the route to go to sex me slow.
      No don't get me wrong ain't gonna do you no harm no,
      This bomb's made for lovin' and you can't shoot it far

      Sexbomb sexbomb you're a sexbomb
      You can give it to me when I need to come along
      Sexbomb sexbomb you're my sexbomb
      And baby you can turn me on turn me on darlin'
      Sexbomb sexbomb you're my sexbomb sexbomb
      You can give it to me when I need to come along
      Sexbomb sexbo
    • According to the F-Secure entry [f-secure.com] "...the Municipality of Milan had many of their 10,000 machines infected by Nyxem.E and have chosen to switch off their network today."

      Also see here [repubblica.it] (if you speak Italian)

      Seems like having to have 10,000 computers shut down for a day is a big deal... We won't hear about the real impact until next week, I'm guessing.

  • Uh oh... (Score:4, Funny)

    by suwain_2 ( 260792 ) on Friday February 03, 2006 @03:35PM (#14637480) Journal
    I got:
    Nothing for you to see here. Please move along.
    the first few times I tried to view this article. Are we sure Slashdot isn't infected?
    • > I got:
      > Nothing for you to see here. Please move along.
      > the first few times I tried to view this article. Are we sure Slashdot isn't infected?

      Naw, if Slashdot had been hit, it would have said DATA Error [47 0F 94 93 F4 K5]. Please move along.

      Man, those Kuro5hin folks, always trying to get the last byte in edgewise...

  • Old Threats (Score:5, Insightful)

    by Nom du Keyboard ( 633989 ) on Friday February 03, 2006 @03:36PM (#14637488)
    overtaken by MyDoom and Netsky variants, which have been around for a number of years.

    I, for one, would favor a slightly smarter Internet that simply filtered out known threats, stopping any further spread once they're identified. The fact that attacks continue to run years after they're first known is just plain stupid!

    • by kevin.fowler ( 915964 ) on Friday February 03, 2006 @03:37PM (#14637498) Homepage
      There is no patch for user stupidity.
      • by JesseL ( 107722 ) on Friday February 03, 2006 @03:40PM (#14637520) Homepage Journal
        Yes, there is. [slugger.com]
        • On a more serious note -- yes, there are real patches for user stupidity. They are called "foolproof design" and "solid usability". Too bad that only Apple gets it at all ... and even they still only partially get it (for instance, the iTunes UI is atrocious).

          • On a more serious note -- yes, there are real patches for user stupidity. They are called "foolproof design" and "solid usability".

            Yeah, right. There's a reason there's a cliche about "... along will come a better fool" - because it's true.

            We have so many warnings and safety bubbles around us nowadays we're losing the ability to protect ourselves from our surroundings. We're creating a society of clueless, helpless retards.

            We start our computers and watch as fifteen protection mechanisms automatical

          • Comment removed based on user account deletion
      • user stupidity patches come in many different sizes, i prefer .50 Cal. myself
      • There is no patch for user stupidity.

        In this case, it sounds like there is. Supposedly, this virus spreads by the user telling his email client to execute an attachment. Not just "opening" it (viewing hostile content should always be safe to do (barring accidental execution (e.g. an overflow bug in libpng)), but deliberate execution.

        The patch is to remove that capability from the email client. Or if people really want to use their email clients as program loaders (wtf?!), then at least it should load

    • A new MS company that fixes bugs that the viruses are taking advantage of.

      How many here, have had a win-sysadmin, send out messages "please don't open mails with the subjest 'OpenMePlease', it will possibly cause bad things."

      Sounds like a serious bug with the mail program. The mail program should not by default run attached programs or open attatche documents that trigger macros.
      • It's the user that opens the attachment. Should the e-mail app refuse to let the user choose to open any attachment at all?
        • It's the user that opens the attachment. Should the e-mail app refuse to let the user choose to open any attachment at all?

          I think there's confusion over the meaning of "open." "Open" should not mean "execute as native code with the same privileges as the user."

          Fine, let them open it. But if the attachment is a media type that is unrecognized, then it should "open" it in a hex editor or something. Boring, but appropriate, since native code should not be considered a recognized media type.

        • Only 'safe' files should be opened.

          A text file is safe, so that can be opened if clicked, right.
          An html file is safe, assuming the browser is safe.

          A word document is safe, unless it has macros.
          Probably, when launching word by association, a special flag should be passed. 'word -nomacros'.

          An excel document is safe, unless it has macros.
          Probably, when launching word by association, a special flag should be passed. 'excel -nomacros'. ...

          An EXE/BAT file is not safe....
      • You mean like Outlook? I've had many a problem trying to work around this security to open an EXE file I was expecting and someone forgot to ZIP. :)
      • How many here, have had a win-sysadmin, send out messages "please don't open mails with the subjest 'OpenMePlease', it will possibly cause bad things."

        When I've had Exchange admins send me things like that before, I usually point out how easy it is to set up Spam Assassin on a Linux box. Problem solved!
        • When I've had Exchange admins send me things like that before, I usually point out how easy it is to set up Spam Assassin on a Linux box. Problem solved!

          Try out spamd [openbsd.org] that is much likely to catch e-mails from infected PCs than SpamAssassin.

  • Media Hype (Score:1, Funny)

    by Anonymous Coward
    It was all pretty much media hype from the beginning.
  • Racy Title (Score:5, Funny)

    by Artie_Effim ( 700781 ) on Friday February 03, 2006 @03:36PM (#14637495)
    that might just be the raciest title on a /. article ever. W0W
  • The media loves it (Score:3, Insightful)

    by JesseL ( 107722 ) on Friday February 03, 2006 @03:37PM (#14637500) Homepage Journal
    when there is a particular date they can get in a tizzy about. No one will know they were making a mountain out of a mole hill until the "crisis" has passed. Remeber the michelangelo virus?
    • by Lxy ( 80823 )
      One source I saw (was it /. yesterday?) actually suggested keeping your computers turned off today. All too familiar with the big Michroangelo scare of 1990 (oh geez I'm old...)
    • by Dynedain ( 141758 ) <slashdot2&anthonymclin,com> on Friday February 03, 2006 @04:14PM (#14637710) Homepage
      Do I ever... My father insisted on turning off the answering machine, because it was digital one that did voice stamps and other complex features, and the "virus could spread through the phone lines".

      +1 to my dad for knowing that the answering machine did have a computer as a component
      -100 for thinking that it was susceptible to a virus dialing it up and infecting it

      • +1 to my dad for knowing that the answering machine did have a computer as a component
        -100 for thinking that it was susceptible to a virus dialing it up and infecting it

        That's what they said about email only a few years back...
      • Could a digital answering machine theoretically have a vulnerability? All I can think of is a buffer overflow, and presumably they account for humans talking too long; a DOS attack, which really doesn't cause problems; or a simple bad electrical signal, which requires someone attacking your physical phoneline or a really evil phone company.

        It is a computer, though, so shouldn't it have bugs?
  • by Lxy ( 80823 ) on Friday February 03, 2006 @03:39PM (#14637516) Journal
    Does this mean A) we've done a good job training our users or B) no one infected with this worm is willing to admit it?

    Most of the users I support would rather reconstruct their documents than admit they clicked on a "free pr0n" e-mail. Wonder how accurate this news really is.
    • I am thinking along the same lines. I think there is something to be said about the fact that it was publicized in advance, and more people "saw it coming."

      Of course, I don't think users who have had their files dumped have necessarily become aware of the issue yet, or as you say, maybe they haven't wanted to admit it.
      • And how many just left their computer off because today was the day? Would be interesting to learn that more systems were hit on March 3 then today.

        So far though it seems to have all of the devastation of the y2k disaster.

    • A) we've done a good job training our users
      B) no one infected with this worm is willing to admit it?

      Do we care which? As long as they either don't do it anymore, or are smart enough to understand it when they do something wrong I am happy.

    • The people over at F-Secure [f-secure.com] seem to think it's too early for any real damage assesment. Their arguement makes a lot of sense.
      --
      From the weblog:
      So far today we haven't received any significant Nyxem damage reports.
      Vast majority of the machines infected by Nyxem are home computers. Nothing will happen on them until people get home from work and boot up their machines. Half an hour later the damage starts. The user won't realise what's going on until an hour or two later, when it's already late Friday night
    • C) The Anti-Virus vendors made a much bigger deal out of this than it really was to increase sales.
  • by TubeSteak ( 669689 ) on Friday February 03, 2006 @03:39PM (#14637518) Journal
    I felt all flushed with fever, embarrassed by the crowd,
    I felt he found my letters and read each one out loud.
    I prayed that he would finish but he just kept right on ...

    Strumming my pain with his fingers,
    Singing my life with his words,
    Killing me softly with his song,
    Killing me softly with his song,
    Telling my whole life with his words,
    Killing me softly with his song...

    That's what came to mind when i read the title "Kama Sutra Worm Hits Softly." It's not my fault though, my mother subjected me to years of 'light' music on my way to school.

    Anyways, I'm not surprised the media took this one and ran with it. When was the last time they had a 'major' malicious virus to talk about?
  • by syle ( 638903 ) <syle.waygate@org> on Friday February 03, 2006 @03:42PM (#14637537) Homepage
    Of course it's soft at first. But wait until it changes positions a few times! It will be surprisingly intense before long.
  • IT'S NOT A WORM! (Score:5, Informative)

    by SanityInAnarchy ( 655584 ) <ninja@slaphack.com> on Friday February 03, 2006 @03:46PM (#14637564) Journal
    It's a virus.

    Surely Slashdot knows the difference? A virus/trojan relies on user stupidity. A worm relies on software insecurity.
    • by 0racle ( 667029 )
      Who cares. The point is is this was a chicken little story to begin with.
    • WOAH, the plot thickens!

      but ya, it also spreads via windows shares (not just emails), so yes, it is a worm.
      • It spreads via Windows shares if you run executables on other peoples shares. As in "stupidly run executables from untrusted sources". As in "it is a virus, not a worm". As in "stop spreading misinformation" :)
    • Re:IT'S NOT A WORM! (Score:5, Informative)

      by TheSkyIsPurple ( 901118 ) on Friday February 03, 2006 @04:22PM (#14637776)
      Really?

      http://en.wikipedia.org/wiki/Computer_worm [wikipedia.org]

      A computer worm is a self-replicating computer program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; however, a worm is self-contained and does not need to be part of another program to propagate itself....The main difference between a computer virus and a worm is that a virus can not propagate by itself whereas worms can. A worm uses a network to send copies of itself to other systems and it does so without any intervention

      This thing (from what little I read) emails itself around when it can... which would qualify it as a worm.
      I'm a little fuzzy on the intervention part... the user has to to the initial activation, which could be intervention, but then again you have to do the initial activation with viruses, so I don't think that qualifies.

      This thing doesn't seem to make itself part of another executable persé, so it wouldn't quite qualify as a virus.

      Maybe I read my definitions wrong...
      • Please spoo into this test tube, sir, while ma'me lies back waiting for the turkey baster. Pay no attention to the highly educated and trained staff, supported by millions of dollars worth of complicated medical equipment who will perform magic behind the curtain.

        This "email worm" is more like a virus than a worm. It doesn't exploit an automatic execution hole in a popular email package, and thus it requires a user to execute the malware for it upon receipt of the email. This is social engineering, an
    • Nope you got it wrong.

      A virus and a worm rely on software insecurity. A worm is a virus but spreads through emails.

      Its the trojan that relies on user stupidity. Spyware too. Unless it comes within a reputable software with no options to not select it.

    • duh, its because worm fits better with the imagery of the name "Kama Sutra".
  • by Max Nugget ( 581772 ) on Friday February 03, 2006 @03:54PM (#14637628)
    The worm's ranking was overtaken by MyDoom and Netsky variants, which have been around for a number of years.

    This information distorts the issue. Kama Sutra carries an extremely destructive payload, deleting a user's local data and data on attached network drives (and, worse, the antivirus software on the networked computers can't prevent these deletions). This cannot be directly compared to MyDoom or NetSky, which merely clog networks, install backdoors (that are not usually used for anything nearly as destructive), and turn computers into spam and DoS zombies.

    The above statement is like saying that rainstorms have overtaken tornados in prevalence. That doesn't matter, because tornados do much, much more damage than rainstorms do.
    • by JesseL ( 107722 ) on Friday February 03, 2006 @04:05PM (#14637652) Homepage Journal
      Actually, from what I gather rain does cause more damage than tornadoes. In 1999 rain (floods) caused $5.4 billion in property damage in the US, while tornadoes caused $1.1 billion worth of damage.

      http://www.flooddamagedata.org/data/national331401 4-495.txt [flooddamagedata.org]
      http://sciencepolicy.colorado.edu/sourcebook/torna does.html [colorado.edu]
      • What would you rather have dropped on your head? 1 pound of bricks or 5 pounds of feathers?

        Okay, stupid post, but what did you expect from me and Slashdot?
    • MyDoom or NetSky, which merely clog networks, install backdoors (that are not usually used for anything nearly as destructive), and turn computers into spam and DoS zombies.

      I'll take 10 users getting their documents destroyed over one DoS zombie any day. The former only has an impact on me if I'm an idiot, the latter becomes a problem when other people are idiots.
      • I'll take 10 users getting their documents destroyed over one DoS zombie any day. The former only has an impact on me if I'm an idiot, the latter becomes a problem when other people are idiots.

        That's easy for people like us to say, but the reality is that the documents and data of a person who lacks a sufficient understanding of computer security are not automatically less important than our data or documents.

        Or, by way of analogy, the life of a person who didn't think to buy a carbon monoxide detector for
        • the reality is that the documents and data of a person who lacks a sufficient understanding of computer security are not automatically less important than our data or documents.

          I don't disagree. All I'm saying is that a virus that harms the person who gets infected through his own negligence is better than a virus that harms countless others through a person's negligence. This is especially true with viruses that go out of their way to have no concequence on the 'victim' such that the person won't know to t
  • Delayed reaction (Score:5, Insightful)

    by MoogMan ( 442253 ) on Friday February 03, 2006 @04:01PM (#14637640)
    In all fairness though, you may not notice a critical document has been lost until a few days down the line...
  • it said 15 million infections :-(

    http://webstats.web.rcn.net/cgi-bin/Count.cgi?df=7 65247 [rcn.net]
  • Soft ehh, (Score:2, Funny)

    by stevea1210 ( 951255 )
    Looks like someone could use a little blue pill before using the Kama Sutra.
  • by killermookie ( 708026 ) on Friday February 03, 2006 @04:15PM (#14637718) Homepage
    Instead of it saying "Schoolgirl fantasies gone wrong" it said "Schoolgirl does math homework and studies history".
  • There have been 'no reports of any (Kama Sutra) detonations so far'

    Well it's pretty obvious. Most places that allow Joe Public to post or report news require registration. The Kama Sutra deletes DOC files, where Joe Public keeps all of his passwords. Now they can't access e-mail, post stories, or read the NY Times to even find out about the virus. ;)

    But really, when the average user experiences problems on a PC, they're so bewildered by PCs as it is that they figure it's their fault and call upon the ne

  • Yeah But... (Score:5, Funny)

    by Comatose51 ( 687974 ) on Friday February 03, 2006 @04:25PM (#14637794) Homepage
    Yeah but just wait til the Tantra worm hits... wait for it... wait for it....
  • "Despite"? (Score:2, Informative)

    by Thad Boyd ( 880932 )
    Despite warnings, or BECAUSE of them? The Houston Chronicle thinks the latter [chron.com], and I'm inclined to agree.
  • I don't work today (well, not at my job at least... the joys of college life) and I was happily taunting all the other employees that covered the student open computer labs of the joy they were bound to have today while I leisurely took the day off for more importan things, like posting on /.

    Now, it looks like I'll have to hang my head in shame on Monday. Curse you media, curse you!
  • Surely not. Although the ZDNet report [zdnet.com] cited seems to have been based in large part on this lengthy and detailed analysis [sans.org] over at the Internet Storm Center:

    Ok, in some parts of the world it is already Feb 3rd and some damage is already probably done.
    If you know any story related to this event, please share with us .

    Samir Datt wrote to tell us about "unconfirmed reports" of damage in Bangalore, Ludhiana and Delhi. (email arrived 1am EST, 6am GMT).

    Yup, that's the whole thing. Sure glad that the folks at Ziff

  • Dang it! (Score:3, Funny)

    by darthservo ( 942083 ) on Friday February 03, 2006 @04:36PM (#14637888)
    I was planning on this thing being big!

    Now what am I going to do with 500,000 T-shirts, stickers, coffee mugs, mouse pads, and other miscellaneous paraphernalia printed with the slogan "I got pwned by Kama Sutra!"

  • I can hear the marketing department of a dozen antivirus companies go

    "Oh Crap"

    Where have all the virus makers gone anyway. We must either start funding script kiddies, or get into the antispam business.
  • by xutopia ( 469129 ) on Friday February 03, 2006 @04:45PM (#14637963) Homepage
    It's called foreplay!!!

    I jest!! :-D
  • I thought this article was about a new sex toy
  • The Scorpion Worm, however, will rock you like a hurricane.
  • crying wolf? (Score:2, Insightful)

    by dimeglio ( 456244 )
    Healthy paranoia or y2k-like panic? Personally, from all the attention these warnings have generated, I was expecting mayham; instead, we get "no reports of Kama Sutra explosions."

    Maybe this was the reaction intended by the author of the worm - to prepare the real next BIG attack when no one pays attention to warnings anymore.

Do you suffer painful hallucination? -- Don Juan, cited by Carlos Casteneda

Working...