|
ESET, a global provider of security software, today advised users to protect themselves from the Kama Sutra worm. Also known as Blackmal, Nyxem and VB.NEI (Eset’s name), or CME-24, the worm is set to activate on February 3, 2006.
Win32/VB.NEI is a typical mass-mailing email worm, which relies on users to click on an attachment to execute. It also attempts to spread via network shares. The worm is compressed down to 95,690 bytes using the UPX runtime executable packer. On the 3 rd day of every month, starting on February 3, 2006, VB.NEI will overwrite popular security applications along with files that have any of the following extensions: .doc, .xls, .mdb, mde, .ppt, .pps (These are usually Microsoft Office files) .zip, .rar (These are usually archive files) .pdf, .psd (These are usually Adobe Acrobat or Photoshop files) For a complete description of the VB.NEI worm, please refer to our website at: http://eset.com/msgs/vbnei.htm . Computers without adequate protection from the Kama Sutra worm could suffer devastating data loss. ESET recommends that organizations and individuals follow three safe practices. - Avoid social engineering tricks – Do not click on email attachments or links in emails. Verify that the sender is a trusted source. Then, save attachments to your disk, examine the real filename first.
- Ensure that you’re running proactive antivirus software that excels at detecting new zero-day threats. Recent comparative tests performed by AV-Test.Org, an independent antivirus and anti-spyware testing organization, located at the University of Magdeburg, show ESET’s NOD32 detected the worm proactively – without signature updates. Results are published here: http://www.pcmag.com/article2/0,1895,1916880,00.asp
- Implement and practice a consistent, frequent backup policy. Data loss can occur for many reasons not attributed to malware. It’s good to be safe.
ESET offers a free 30-day trial of its proactive antivirus software, NOD32, which can be downloaded from the website at www.eset.com/download/ | 
