Supplemental Resources and Links for Episode #25

PC World's March 2006 Malware
Detection Software Review:

 PC World's Comprehensive Review of Malware Detector Software

The inexpensive ($30 when reviewed) "BitDefender 9 Standard" won PC World's "Best Buy" award over nine other well-known mainstream competitors.

A Few Notes about the "Kama Sutra",
"Blackmal-E", "Nyxem-D" Worm

 Unlike most recent malware which seeks to obtain the use of infected machines for eMail spamming, DoS attacking, etc., the "Kama Sutra" worm is deliberately destructive to the machines it infects.

 The file-destroying payload of the "Kama Sutra" worm activates 30 minutes after an infected Windows machine is started on the 3rd of the month.

 Since this worm was first discovered on January 20th, 2006, the first "3rd of the month" will be Friday, February 3rd, 2006.

 When activated, "Kama Sutra" overwrites the data contained within all files of types DOC, XLS, PPT, ZIP, RAR, PDF, MDB. In other words, a lot of potentially valuable user data.

 It locates files on any available Windows drives having drive letters (including removable USB drives). Reports are mixed as to whether network-mapped drives will also be scanned and damaged.

 Since "Kama Sutra" overwrites file content instead of deleting the files, automatic backups might overwrite previously saved valid copies with newly destroyed content.

 Anti-Virus signatures have been updated for several weeks, so the threat to security-conscious users is probably low. However upwards of 300,000 machines had been infected at one time, and many machines, predominately located in India, Turkey, and Peru remain infected.

 Symantec has made a simple-to-use file scanner and disinfector freely available. It may be downloaded without any "registration" or eMail hassle:

 http://securityresponse.symantec.com/avcenter/FixBmalE.exe

 Symantec's page discussing the use of this tool.



Jump to top of page
Gibson Research Corporation is owned and operated by Steve Gibson.  The contents
of this page are Copyright (c) 2016 Gibson Research Corporation. SpinRite, ShieldsUP,
NanoProbe, and any other indicated trademarks are registered trademarks of Gibson
Research Corporation, Laguna Hills, CA, USA. GRC's web and customer privacy policy.
Jump to top of page

Last Edit: Feb 02, 2006 at 11:52 (4,331.09 days ago)Viewed 3 times per day