File-destroying worm causes little damage so far
Friday, February 3rd 2006, 8:42 am
By: News On 6
One Italian city's government shut down its computers as a precaution but a file-destroying computer worm otherwise caused relatively little damage when it triggered worldwide Friday.
Hundreds of thousands of computers were believed to be infected, but many companies and individuals had time to clean up their machines this week after security vendors and media outlets warned of the ``Kama Sutra'' worm.
``It's been pretty quiet,'' said Mikko Hypponen, chief research officer for Finnish security company F-Secure Corp. ``We know the word is out there.''
In Milan, Italy, technicians switched off 10,000 city government computers after discovering the infection Thursday and deciding they didn't have enough time to clean the machines before the worm would began wreaking havoc on Friday.
``It has spread to all our computers,'' said Giancarlo Martella, Milan's councilman for technological innovation and public services. ``Knowing how destructive it is, we turned off all personal computers to avoid losing our data.''
Only the municipality's registry office had been kept open because its ``passive terminals'' don't store data, Martella said, adding he hoped the computers would return to normal by Monday.
Experts had warned earlier that the worm, also known as ``CME-24,'' ``BlackWorm,'' or ``Mywife.E,'' could corrupt documents using the most common file types, including ``.doc,'' ``.pdf,'' and ``.zip.'' The worm, nicknamed after the Hindu love manual Kama Sutra because of the pornographic come-ons in e-mails spreading it, affects most versions of Microsoft Corp.'s Windows operating system, prompting the software giant to issue a warning Tuesday.
Although the worm tries to disable anti-virus software, vendors have generally posted updates that should protect users. Assuming the computer's internal clock is correct, users can also avoid the worm by leaving their machines off until Saturday, although the worm is set to trigger again on March 3.
Security vendors Trend Micro Inc. and CA Inc. both assessed the overall risk and distribution as low. The worm wasn't expected to spread any more quickly Friday. Rather, Friday was the first trigger date for the file-destroying code.
``It's well past the deadline but we haven't confirmed any cases of the Kama Sutra in Japan, which suggests we're not looking at a major outbreak,'' said Itsuro Nishimoto, an executive at Tokyo-based computer security company LAC Corp.
A manager at Hong Kong's official coordination center for computer emergencies said he had not received any reports or calls for help from those infected by the worm.
``It began spreading late last month but we haven't received any calls in the past two weeks,'' Roy Ko said. ``We don't expect to receive any today, either.''
Ajit Pillai, India's manager for U.S. security firm Watchguard Technologies Inc., said about 10 percent of his customers in the country had the worm, but they ``followed the remedies and managed to avoid any problem.''
``We didn't have to do any firefighting today,'' Pillai said.
Unlike other worms generally designed to help spammers and hackers carry out attacks, Kama Sutra could inflict more damage because it sets out to destroy documents.
``This virus is nowhere near as widespread as some of the (recent virus) cases,'' Hypponen said. ``The reason it's talked about is because it's more destructive.''
He said damage is high among those hit, but many businesses should already be protected by anti-virus software. Home users and smaller companies without the latest software updates may be more vulnerable.