By Vivian Yeo
Friday, February 03 2006 07:19 PM
URL: http://www.zdnetasia.com/news/security/0,39044215,39309567,00.htm

The Kama Sutra worm, also known as MyWife and W32/Nyxem-D, is likely to have a less-than-expected impact in Asia because companies have had sufficient time to react, predict security experts.

Programmed to infect systems on the third of every month, the virus wipes out data saved as Microsoft Word, Excel, PowerPoint and Adobe PDF files. Some PCs have reportedly already been affected. The worm is typically spread via e-mail, and can sit dormant in a PC until it is set to go off.

"The biggest issue customers have is with zero-day attacks," Allan Bell, McAfee's regional marketing director, told ZDNet Asia in an e-mail. "In the case of this virus, there was plenty of warning and time for users to have their antivirus updated and systems protected."

Bell added that there are no reports of "large numbers of infections in the Asia-Pacific region".

"Most large customers are reporting to us that they are seeing a few hundred viruses stopped at the gateway," he said. "We are expecting the impact on companies to be low."

Security vendor McAfee has also rated the Kama Sutra worm as a "Low" threat.

"[We predict] that the data destructive payload will have minimal impact on computer users when it hits on Feb. 3," Craig Schmugar, virus research manager at McAfee AVERT Labs, said in a media statement released this morning.

Schmugar noted that the virus "does not mimic the subtleties of many current viruses that are designed to generate income". He added that the number of detections and possible infections remains "very low".

Sydney-based Paul Ducklin, Sophos' Asia-Pacific head of technology for Asia-Pacific, said Thursday: "W32/Nyxem-D was the second-most common virus seen at Sophos' monitoring stations in the past 24 hours, yet in all of Australia we have had only one confirmed infection from the business community."

Also dubbed CME-24 by the Common Malware Enumeration, the Nyxem worm was ranked fourth on Sophos' list of top ten viruses in January 2006. First reported on Jan. 16, it is believed to have infected hundreds of thousands of PCs worldwide before it was subsequently dubbed the Karma Sutra worm by the global media.

A blog posted Thursday evening on F-Secure's Web site revealed that PCs in the United States and Western Europe were likely to be the most vulnerable.

India, Malaysia and Thailand were predicted to be among the countries in the Asia-Pacific region, likely to be most badly affected by the worm.

Managed security services provider LURHQ, estimated late last month that there were over 86,000 infections in India, nearly 8,200 in Malaysia, and more than 4,400 in Thailand.

In a blog entry posted on ESET Threat Blog, Randy Abrams, director of technical education at Essential Security against Evolving Threats (ESET) reported that the Korea Computer Emergency Response team had said the attack "is not as widespread as some have been in the past".

Sophos' Ducklin added: "The damage caused by W32/Nyxem-D has stirred up public interest because [its effects] sound really terrible--but in many ways, it is the less visible and malicious [attacks] which can be far worse.

"You may be able to recover deleted files, but you can never get back files which a hacker stole from your PC using a backdoor Trojan," he explained. "[And] you can never un-type keystrokes which were captured by a keylogger."