Purdue News

February 1, 2006

SecurePurdue initiative issues alert on computer worm

WEST LAFAYETTE, Ind. — A destructive computer worm set to disable computers on Friday (Feb. 3) can be stopped if computer users have updated their anti-virus software, according to Purdue University experts.

Scott Ksander, senior security analyst for Information Technology at Purdue (ITaP), said that this is the first computer worm that has this capability to cause damage.

"This worm has the objective to actively destroy files on computers infected with the worm," he said.

The worm is set to cause damage on Feb. 3 and the third of every month thereafter. The worm is known as the "Kama Sutra worm" and also by the names Blackworm, Blackmal, Nyxem, MyWife and Tearec. Ksander said the worm will only damage computers running Windows-based operating systems.

A computer worm is a self-replicating computer program that is similar to a computer virus. Computer worms are self-contained and do not need to be part of another program to propagate themselves, Ksander said.

The worm spreads via e-mail attachments and file-sharing programs. Some of the messages contain enticing or suggestive language that encourages users to open the attachment or file. Once the attachment or file is opened, the computer becomes infected with the worm.

"If a system is infected, this worm will disable most anti-virus products and delete them," Ksander said. "The worm will then add itself to the list of auto-start programs in your computer's registry and e-mail itself using a variety of file names. Because of the destructive nature of this worm, it is likely that a compromised system will need to be entirely rebuilt in order to effectively eradicate the worm."

Addam Schroll, ITaP security analyst, said that to prevent the worm from infecting a computer, users should make sure that their anti-virus software has been updated within the past week.

"Anti-virus data files dated Jan. 23 or later should be OK, according to the SANS Internet Storm Center," Schroll said.

ITaP has been reviewing network logs on Purdue's West Lafayette campus to check for the virus and has found no evidence of it at this point.

"We'd like to remind computer users to be suspicious of any e-mail attachments or files from an instant messaging program that are unexpected, no matter how interesting they may appear," Ksander said. "E-mail attachments or instant message files should only be opened when the original message was sent from a known and reliable source. If there are any doubts about the e-mail, attachment or file, the safest course of action is to delete the message without accessing the attachment or file."

Computer users also should protect their systems with current anti-virus software and system patches. Purdue has free anti-virus software for students, staff and faculty available for download.

More information about this computer worm and general information on computer security is available at the SecurePurdue Web site. SecurePurdue is a major initiative that focuses on improving the security of data and campus information technology resources on all Purdue campuses.

Sources: Scott Ksander, (765) 496-8289, ksander@purdue.edu

Addam Schroll, (765) 494-6599, addam@purdue.edu

 
