Beware the 3rd of March, when the notorious Kamasutra variant virus rears its head again. The Indian Computer Emergency Response Team (CERT-In), working under the Department of Information Technology (DIT) has warned of this worm, which is very destructive in nature and gets activated on the third of every month.
The worm, called Nyxem, also comes in variants like Kamasutra, Grew-worm, Blackmaal, MyWife. It is a memory resident mass mailing virus and is spreading in the wild to attack Microsoft Windows systems. The worm propagates by sending an e-mail attachment to target users. It also spreads through network shares. On activation, it replaces the content of user's files and reduces the size of all user data files to 1 KB.
When a user clicks on any virus attachment, it opens a .ZIP archive with the same name in the Windows system folder to hide its functionality and copies itself to the system folder with filenames like scanregw.exe, winzip.exe, update.exe, movies.exe, zipped files.exe, etc. It then creates the registry entry to enable its automatic execution at every system startup. It also deletes the files related to anti-virus applications and attempts to spread to network shares with weak passwords.
The subject line could be deceptive to obscene like – 'How are you', 'It's free', 'Thank you', 'Forward message attached', etc.
The Department of Information Technology has advised people to install and maintain updated anti-virus software, apply appropriate security updates at OS and application level, send and receive e-mails in plain text, block executable and unknown file types at the e-mail gateway and scan the system to check infection of the worm by running removal tools as referred on CERT-IN website.
It has also advised people not to open mails if they contain funny attachments, not to visit untrusted websites and not to download and install softwares of unknown origin.
Estimates show that the Kamasutra virus attack on February 3, 2006 had affected over 80,000 computers in India alone.