Security watchers say the Kama Sutra worm, which is programmed to overwrite files on infected Windows PCs today, will have a damaging but not catastrophic effect. The Kama Sutra worm (or Nyxem-E or Blackworm) poses as an email message offering a variety of salacious content. Subject lines used in the malicious emails include: The Best Videoclip Ever, Fw: SeX.mpg, Miss Lebanon 2006 and Fuckin Kama Sutra pics. The worm, which can also spread across network shares, only affects Windows PCs.
Humanity Survives Kama Sutra Apocalypse
40 Comments
The Best Videoclip Ever, Fw: SeX.mpg, Miss Lebanon 2006 and f–kin Kama Sutra pics
I get thousands of those types of spam a week, this virus died the minute it was spread with headings like that, just swirling around in the sea of my automated junk mail filter.
Not that it would have affected my machine anyway, but as far as destructive viruses go, this was poorly researched for maximum effectiveness.
Now that last Paypal phishing scam was pretty good, just asked for wayyyyy too much information on the included link, which was the tip off.
They are getting better that’s for sure.
There are many files on a computer, overwriting a couple probably won’t damage any critical files.
-
2006-02-03 11:53 pm CrazyDude0
Again, this is not a technical problem with Windows. You can spread such viruses on Linux and they can at least eat up your data files even if you are not root.
It is just that worm writers target Windows because of large installed user base and also because Linux users are mostly techie people.
-
2006-02-04 12:20 am SlackerJack
You’re saying Linux users are more techie people, yet you think they would make this script executable? That’s a contradiction. Remember please that scripts don’t come executable in Linux, since this is what makes Linux desktop much more secure.
-
2006-02-04 12:35 am jaylaa
Remember please that scripts don’t come executable in Linux
Why don’t they? Is that just by convention or is there actually some safeguard which prevents it?
-
2006-02-04 12:52 am raver31
Yes, there are safeguards against it.
First and foremost…
All files you download are simply that, files.
You have to make them executable, then run them.
Sometimes however, you can download a binary file from a webpage with the execute bit set, but that leads to the next stage…
Permissions.
Although YOU downloaded the file and YOU set the execute bit to true, if you had a titter of wit about you, you would have already set up your partitions so that files on /home cannot run, so any downloads on there will need to be physically moved into your path so that they can run.
As you can see, malware would be ineffective against safeguards like these. Any that did find its way into your system would sit there dead in your /home
HOWEVER
I have seen some people set up their systems so that users can run programs from their /home. This is VERY bad practice, and destroys one of the defenses Linux has over malware.
-
2006-02-04 9:34 am raboof
I have seen some people set up their systems so that users can run programs from their /home. This is VERY bad practice, and destroys one of the defenses Linux has over malware.
This is a trade-off. I like to be able to install things local to my homedir, without becoming root, so I’m sure the installation procedure doesn’t mess with the stable part of my system.
Also, though not allowing executables in homedirs is a possible layer of defense, it’s not a very strong one. If an exploit can write a malicious file, it can probably also append something to your .bashrc, for instance.
-
2006-02-04 12:10 pm thecwin
Actually, lots of people use their ~/.local or ~/software/ or something as a place for testing untrusted software.
-
2006-02-04 1:24 am Richard James
Remember please that scripts don’t come executable in Linux
Why don’t they? Is that just by convention or is there actually some safeguard which prevents it?
That is due to umask. When you download a file it is created as a new file. All new files in Linux have their permission set from the umask which is by default 022 on most systems.
The permissions are umask & 077, so umask of 022 is 644 which is -rw-r--r--
If you create a file that is a script in Linux you will then have to chmod the permissions to execute before it is run.
Yes this is a security safeguard.
-
2006-02-04 11:28 pm GvG_
The permissions are umask & 077, so umask of 022 is 644 which is -rw-r--r--
Me thinks you’re a bit off here. With an umask of 022 and a creation mode of 0777 the resulting permissions would be 0755, which is -rwxr-xr-x.
-
2006-02-05 3:44 am Richard James
Me thinks you’re a bit off here. With an umask of 022 and a creation mode of 0777 the resulting permissions would be 0755, which is -rwxr-xr-x.
Yeah my bad
reading the man page it says
“The umask is used by open(2) to set initial file permissions on a newly-
created file. Specifically, permissions in the umask are turned off from
the mode argument to open(2) (so, for example, the common umask default
value of 022 results in new files being created with permissions 0666 &
~022 = 0644 = rw-r--r-- in the usual case where the mode is specified as
0666).”
I don’t know where the mode is specified.
-
2006-02-04 12:46 am Wrawrat
If they can click an executable file, they can make the script executable by changing its permissions… Never overestimate the user when it comes to attachments. At first, the complexity of the commands (compared to point and click) might put them off, but if they want to see that Miss Lebanon, they will try to.
Call me a pessimist, but if some people are gullible enough to open an attachment from an unknown source…
-
2006-02-04 1:05 am SlackerJack
So which is it? People have been ranting Linux is not ready for the desktop because it’s not easy to install or run stuff. Now you’re saying a new computer user can make the script executable from his email?
Do I hear double standards here? Yes, I think so.
-
2006-02-04 1:28 am Wrawrat
Eh? Did I ever mention “Linux is not ready for desktop” or “new computer users”? You might hear things, but your sight must be failing…
But since you’re asking, instructions could be attached to the malicious mail. The user might ask a friend. Or anything else: just be imaginative. The fact is, if the user wants to run the attachment, he will.
Don’t take this as an attack against Linux or Unix-based system. That’s what I use. My point was that the weakest link in security is often the user. I’m paranoid enough for keeping my systems secure (or at least I think), but some just don’t care.
Edited 2006-02-04 01:29
-
2006-02-04 1:43 am SlackerJack
And pigs might fly when that happens, again you’re saying what the average user hypothetically will do that. What I’m saying is that people say Linux is not easy for average joe because of this method, yet an unknowing Windows user will just click and BAM!, that’s the difference.
-
2006-02-04 2:12 am Wrawrat
Hey, I never claimed it was easier in Linux! I just said it’s not completely impervious to these scams because it depends on the cluelessness of the user. As for flying pigs, I wouldn’t be much surprised if they do soon. This kind of virus started years ago and there are still people opening these attachments.
-
2006-02-04 5:00 am DeadFishMan
Again, this is not a technical problem with Windows. You can spread such viruses on Linux and they can at least eat up your data files even if you are not root.
It is just that worm writers target Windows because of large installed user base and also because Linux users are mostly techie people.
Some people have this misconception that Linux would be an as easy target as Windows if virus/worm authors started to deploy their warez against it. No, Linux is not vulnerable to the same threats and you know why? Because, unlike Windows, Linux e-mail clients do not allow automatic scripts (of any kind) to be executed when receiving an e-mail. Its web browsers also do not allow arbitrary execution of code. And even if we acknowledge that the user data might be compromised by some sort of worm/virus, the Unix security model will ensure that only that user’s files will be the only ones damaged. In other words, your clueless sister will be the only one that will lose something on your family computer. Windows can’t claim that.
People tend to give this excuse that the majority of Windows out there is the main culprit of the huge number of threats to that platform but they forget that on the Internet, the majority of the servers run on some sort of *nix OS or even some sort of hardware appliance. Now think about it for a second: If you were a virus writer whose main goal was to create the biggest havoc that you could, would you try to write something to attack the client machines or would you try to own a server or a router, effectively putting a whole segment of the internet on your hands?
Fact is, there are a couple of IOS (Cisco’s Internet Operating System) exploits in the wild. The same for *nix exploits. But they’re few and far between mainly because they usually exploit some security vulnerability that was already fixed by the vendor, relying on a lazy sysadmin or the fact that some companies have policies in place that delay the patching of their systems.
On Windows’ case, it was a MS design decision that led to so many ports open on the platform for the virus community. They thought it would be a nice idea if the user could send an e-mail with some VBscript on it to his or her account in order to automate this or that function. When Sun created Java applets, they thought of sandboxing it to prevent people abusing it. MS went a step further allowing ActiveX to have unlimited access to the user’s hard drive just by accessing a web page, which required them to create later the concept of signed ActiveX components (that didn’t fare well either, by the way). All that because MS usually puts convenience before security when designing its products.
So no… There is no way that I can agree to the assertion that Linux (or Mac OS X or any other OS for that matter) would be as vulnerable as Windows is nowadays. But I’m looking forward to see what Vista will bring to the table. But please, stop this nonsense. Current Windows releases have its share of threats because of its inherent weakness, nothing else.
At my place of work we actually did have a small outbreak – lucky for us it didn’t get on any of our developer’s machines because we have write access to a server’s network share with all of the documentation for everything we create, source code, test results, etc. We had it under control and machines updated to catch it within an hour of the first occurrence so thumbs up to our IT team.
-
2006-02-04 12:17 am vimh
I’m assuming they were given a swift kick in the shins for being foolish enough to click on such a link?
-
2006-02-04 2:00 am Celerate
It’s amazing how many people still fall for the old free porn ruse, it’s a classic used for spreading viruses and frankly anyone with common sense should know better than to fall for it.
About maximum effect for a virus, worm, etc:
Anything that puts a carbon-based unit in the loop (e-mail based, phishing scams and so on) just won’t cut it. Humans don’t continuously read their e-mail, surf the web, or chat. They do that with intervals. That automatically limits how fast it can spread, and gives others (software vendors, AV companies, sysadmins) time to take action.
So IMO the most fast-spreading and/or destructive threats simply MUST be things that don’t need human interaction to spread. Only then you have (in theory) the potential to infect every machine hooked up to the net, within hours.
Kind of sad that most malware isn’t destructive, and only wants your CPU cycles or bandwidth. Imagine what a super-destructive and fast spreading worm could do: kill off all those zombies and unpatched systems. That would do wonders for spam levels, AND promote more secure systems like Linux, MacOSX or *BSD.
I for one, would welcome a worm that knows many ways to get in, spreads like crazy, and wipes clean the harddisk of any vulnerable machine it finds. Even while I couldn’t be 100% sure to be among the ‘survivors’ =8-[
Learning the hard way is one way to teach those countless, clueless dummies that (possibly without even knowing) make online life less fun for others.
-
2006-02-04 2:11 am Celerate
I think that may be an extreme measure. Some people are forced to use computers even though they really shouldn’t be allowed near one for safety’s sake. You can blame this on businesses such as banks for example, which are closing earlier and pushing internet banking like a street drug at everyone in order to cut down on staff and save money. How about the people who have to use computers as part of their jobs, and these days it’s getting harder and harder to go through school without needing a computer.
Windows isn’t getting more viruses or is more insecure because its user base is bigger, it is just because it is for sure less secure than Linux. A non-root user can’t damage anything on the system and you would be running as non-root forever (I hope). With a virus like that maybe it can damage a few of your /home/user directory files and nothing more, a thing that will be fixed easily or erase and create user again. And about FreeBSD don’t even think about a virus doing more damage on it since it is even more secure than Linux. So don’t take me for a Linux zealot, just take me as a FreeBSD user that likes to correct some wrong statements.
-
2006-02-04 12:57 am Wrawrat
But what is more important: your system or your data files?
A borked system can take hours to fix up, but data is often impossible to restitute. If you didn’t make backups, that’s it. Yet, the average user (in contrast to your average OSN reader) isn’t familiar with these procedures. You should not take destructive viruses lightly even if you are running a Unix/Unix-based system.
Just take me as a knowledgeable user.
-
2006-02-04 9:55 am Bending Unit
Oh, how comforting. Except that I don’t care about system files, it’s my own stuff that’s important, you know the files in /home/user. Corrupted files are not easily detected and can overwrite your healthy files on your backup drive.
That’s one of the downright stupidest ideas I’ve ever heard.
Not allowing users to run their own programs and scripts in the name of security? Are you serious?
Browser: ELinks/0.10.5 (textmode; OpenBSD 3.9 i386; 80×48-2)
-
2006-02-04 2:20 am Varg Vikernes
It’s like that IE dialog that pops up when you download an exe. It’s annoying and nothing else. If someone wants to run it he will, be it a dialog to click through or chmod it.
My previous post should have been RE[5] (response to raver31), not RE[4].
Hey, OSnews editors — stop screwing over users of non-craptastic browsers!
Browser: ELinks/0.10.5 (textmode; OpenBSD 3.9 i386; 80×48-2)
There is NO reason for this type of virus/worm/whatever you want to call it today to continue to propagate apart from the total ignorance of Joe user.
Frankly, with all the free porn available across the web, anyone that opens a sex spam’s attachment gets what they {censored} deserve… They NEED to have their computer borked two or three times to break them of being a moron.
This is one more reason in the kitty for switching to Linux as soon as possible. Windows users please note.
For having the word ‘f–kin’ on the OS News front page.
—
What the hell is wrong with ELQ?
http://www.bedoper.com/bedoper/2006/39.htm
This virus wasn’t as damaging as it could have been thanks in part to the spread of information by the media, security news sites, and fast action from the antivirus vendors.
It’s nice to know that threats like these can be contained with a little communication.
Does anyone have any of those pictures? I’d love to see Miss Lebanon 2006
Does anyone have any of those pictures? I’d love to see Miss Lebanon 2006
Here you go : http://www.lebanonlinks.com/page.asp?news=misslebanon2005
I think the outgoing miss Lebanon was hotter though : http://www.funonthenet.in/content/view/231/31/
I’m actually a feminist, I swear