February 2nd, 2006

If, when you fire up your PC tomorrow, it happens to be infected with the [tag]Kama Sutra[/tag]/[tag]Nyxem.e[/tag]/[tag]MyWife.d[/tag]/[tag]Grew.a[/tag]/[tag]Blackmal.e[/tag] worm then you have half an hour to save your .doc, .xls, .mdb, .mde, .ppt, .pps, .zip, .rar, .pdf, .psd, and .dmp files.

I know there has been a lot of media attention give to this worm and to be honest, if you have a good backup then it shouldn't be a problem (because you can restore any deleted files).  Problem is, if you have Kama Sutra on your system then you either don't have antivirus installed or you've not kept it up-to-date and scanned your system.  If this is the case you're unlikely to be the kind of person who has a good backup.

The effects of a Kama Sutra attack are clear - all files with the extension listed above will be overwritten and all you will see when you try to access them is the following message:

[tag]DATA Error [47 0F 94 93 F4 K5][/tag]

I'm not going to go into scanning here, or removal, all these are covered in the links listed below.  What I am going to say is that if you do come across a PC that's been hit, be careful about allowing it access to a backup data source that can be overwritten (so be careful if using external hard drives and USB keys, but CDs or DVDs should be OK).  Make sure that you eradicate the worm before trying to recover files.

If you have a business that relies of PCs and you haven't got good antivirus coverage, then plan for problems.  If you work with other companies that are heavily IT dependent then prepare for problems too.

Oh, and remember to scan your data backups - you don't want to reintroduce Kama Sutra back onto systems that you've spent time cleaning!

