
Prudish Microsoft reaction to Kama Sutra worm set to confuse

by Bob Crabtree on 1 February 2006, 20:12


Prune (Note 1)


Microsoft recently joined the chorus of voices warning users to protect themselves before Friday against an email-borne worm that could bring down a PC completely, but it is doing so in such prudish terms that few will understand what it's saying.

In its Jan 30, 2006 Security Advisory 904420, Microsoft calls the worm Mywife - making no reference to any of the other names it's known by - Blackworm, Blackmal, Nyxem and, most recently and commonly, Kama Sutra.

Making doubly sure that it won't cause anyone any offence - even if its prudery could result in a whole bunch of totally non-working PCs - the Security Advisory sums up the whole issue with Kama Sutra by saying,

"The mass mailing malware tries to entice users through social engineering efforts into opening an attached file in an e-mail message".

Don't understand? Us neither.

What we do understand, though, is the plain-speaking descriptions that almost everyone else is using for the subject line and contents of emails infected with this particular nasty.

We've come to think of Symantec's Norton Antivirus as close to being a virus itself but must commend the company for giving - in long-standing advice that goes back nearly two years - the sort of explicit detail that might offend Bill and his missus but does actually make clear what people should be watching out for.

First, it lists out some of the possible subject lines, the choicest of which are:

+ <<~SEX~>> TeenRapers.mov
+ FW: (-Sucking-)
+ Re: Double suck (movie)
+ FW: Lesbian & gays Mpeg
+ Asses Mpeg's
+ FW:Re:Hot Erotic
+ FW: File - WebCam.mpeg
+ FW: **Hot Movie**
+ FW:RE: Least *21* Years
+ very hot XXX
+ RE: FW: Women Mpeg
+ Fw: My Funny Ass

Symantec then goes on to explain what's in the body of the email to, as Microsoft would have it, "entice users through social engineering efforts into opening an attached file in an e-mail message".

Among the messages that Symantec says might make you consider opening the attachment are:

+ Cum and check this fun group out...Sexy ladies!! Come post your ad,..this is a real swingers group!!
+ I'm attatching a Video Clip of my wife if interested in checking it out!
+ Watch the Paris Hilton Sex Tape for Free!
+ Video's Girls Erotic WebCam's Tits Mpeg's Girls Ass SEX Pussy Video Clips
+ Check This ?ucking Babe ;D
+ ?ucking = Sucking=Fucking
+ Here is another Vclip of my daily group :|
+ All kinda Women Can be Found Here To Satisfy Women Lovers' Eyes
+ Dozens of Free Video Clips to download.Many Niches. Updated regularly and more added daily.Taken From Vivi's  Lovely Briefcase.
+ hey guys my name is April Goostree i am a sexy 22 yr old bbw , 5'9, 48 dd , big ole booty, jus lovin life, until i get my pics posted in here you can either check out my profile or join my own yahoo group Texas-Sexy@groups.msn.com, either way works for me..i hope to become very active in this group, i like to get to know people, like to get on cam once in a while, jus to chill, when they aint none home..thats why its once in a while yaknow..anyways jus holla at me... n thanks for lettin me join!!! kisses kandee..Bye
+ very good movie        >>> Video's Media Player. SEX SEX * Sluts Tits Video Mpeg's Mpeg Video Clips
+ -==This server does not support Transfer Big Movies==-                   wo Hotttt gurls sucking a hansum cock Softly
+ u Love asses? Here is a great ass open wide waitin for ur lil Cock
movie attached open by media Player 7.1
+ when i saw my ass i slept 3 hours why?? check my ass sorry my movie
LOOOOOOOOL joke (^!^)

The whole thing would be even more laughable if we were able to tell you that the Kama Sutra worm - or whatever you want to call it - were all Microsoft's fault, as has so often been the case in the past. But, when it comes to THAT important detail, Microsoft's Security Advisory doesn't leave room for any misunderstanding at all when it says, 

"As with all currently known variants of the Mywife malware, this variant does not make use of a security vulnerability, but is dependant on the user opening an infected file attachment."

And we won't even mention the missing "not" in the second para of the Security Advisory,

"Customers who are using the most recent and updated antivirus software could be at a reduced risk of infection from the Win32/Mywife.E@mm malware."

Of course, none of this will be of any real concern to you, will it, because you're not daft enough to be running without decent anti-virus and anti-trojan software? Or sad enough or stupid enough to open attachments in porn-related emails that get through, or in any other email that looks even the slightest bit suspicious?

But if you are now thinking that a bit of anti-virus/anti-malware advice might come in handy before Friday, feel free to join us over in the HEXUS.community.

* (Note 1) - We wanted a shot of a prude but this was what the picture editor came up with (we blame the teachers)!
* (Note 2) - Note 1 is a joke - a bit like Microsoft's....
* (Note 3) - There is no Note 3.



HEXUS Forums :: 10 Comments

In case anyone does want to protect their PC against viruses, worms, trojans and other sorts of malware, and doesn't have a lot of readies to throw at the problem before Friday (though the same nasty is supposed to strike every third day of the month), below are some of the free apps you can use - and with confidence, in my experience.

My current favourite anti-virus freebie is Grisoft's AVG Free [free.grisoft.com].

Set it to update daily and to run directly afterwards.

Trojans are well dealt with by
Lavasoft's Ad-Aware SE Personal Edition 1.06 [lavasoftusa.com].

and

Safer-networking's SpyBot Search & Destroy [safer-networking.org].

In my view you are better to have both of the last two installed and to run each of them at least once a week.

In addition, you should use Microsoft's own freebies (get them via Windows Update) and, if you are technically knowledgeable, also get Merijn's HiJack This [spywareinfo.com] but use it with EXTREME care.

To help you do that - but remember, any changes you make are down to you - there's a very useful auto-diagnostic tool here [hijackthis.de] into which you can paste the log file that HiJack This produces.

Other folks' suggestions are most welcome.
i don't see what is so confusing about that sentence. Although it does sound like a standard response. This could be used to describe dozens of 'famous' worms over the last few years.
and here's a little something from Symantec which could prove helpful: W32.Blackmal@mm Removal Tool [securityresponse.symantec.com]

cheers,

PD
Nice one Paul - I forgot all about that.

But, people, do make sure you've got your antis in place - and keep them up-to-date and run them regularly; better not to get any nasties in the first place than to remove them after they've done their work.
Funkstar
i don't see what is so confusing about that sentence. Although it does sound like a standard response. This could be used to describe dozens of 'famous' worms over the last few years.

Ah, I understand your thinking - cos they've used geekish gibberish in the past, it's okay to use it now.

Well, the absolute bottom line - in my view - is that Microsoft has a duty to communicate in such a way that ordinary mortals can understand what it's trying to tell them, especially if that's something that requires them to take some appropriate action.

By mentioning NOTHING specific about the possible subject lines and contents of the body of the email, MS has done people no favours at all - and the only reasons I can think it has copped out are either prudishness somewhere in the decision-making hierarchy or the fact that the people who write such stuff are so cut off from the real world that they don't realise they are using gibberish.

It could, of course, be a combination of both.

It's also my belief that were you to take a straw poll of normal computer users - ordinary people who don't live and die computers - a large majority, if they even knew what social engineering meant, would think of it in the context of political science, rather than computer security.

But, perhaps, better that I test that theory by adding a poll to this thread.

Here, though, are two contrasting definitions, courtesy of Wikipedia [en.wikipedia.org]:

Social engineering (political science)
Social engineering in political science refers to efforts to systematically manage popular attitudes and social behavior on a large scale, whether by governments or private groups.

The term has a negative connotation, and is sometimes used as an accusation against any who propose to use law, tax policy, or other kinds of state influence to accomplish social goals. For instance, political conservatives in the United States have accused their opponents of 'social engineering' through their promotion of political correctness, on the basis that political correctness is an attempt to change social attitudes by defining 'acceptable' and 'unacceptable' language.

Social engineering (computer security)
Social engineering (computer security), is the practice of obtaining confidential information by manipulation of legitimate users. A social engineer will commonly use the telephone or Internet to trick people into revealing sensitive information or getting them to do something that is against typical policies. By this method, social engineers exploit the natural tendency of a person to trust his or her word, rather than exploiting computer security holes. It is generally agreed upon that "users are the weak link" in security and this principle is what makes social engineering possible.

A contemporary example of a social engineering attack is the use of e-mail attachments that contain malicious payloads (that, for instance, use the victim's machine to send massive quantities of spam). After earlier malicious e-mails led software vendors to disable automatic execution of attachments, users now have to explicitly activate attachments for this to occur. Many users, however, will blindly click on any attachments they receive, thus allowing the attack to work.