IndiaDivine.org

Removal and Information on Blackmail, Blackmal, Virus


Guest guest

http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=50198

http://www.symantec.com/avcenter/home_homeoffice/tools.list.html

You can also scan your systems online using (use this only if you have broadband connections) http://housecall65.trendmicro.com/ and please read the article below for more information on this virus.

It would be a good idea to install a firewall on your computers. ZoneAlarm is a good firewall and it has a free version too. Visit www.zonelabs.com to download the same. Please read the manual, instructions before use.

Thanks and Regards
Bharat

IMPORTANT ARTICLE

Security analysts are warning computer users about a new and potentially destructive Internet worm that can obliterate important documents. The worm, called Kama Sutra, is making the rounds now, but is scheduled to execute its first massive attack on February 3.

Detected last week, the malicious worm targets computers running Windows and spreads primarily by copying itself to shared network locations and then sending itself to e-mail addresses found on afflicted computers. With subject lines that read "the best videoclip ever,give me a kiss," and "school girl fantasies gone bad," the worm entices computer users to open the attached file.

"This worm feeds on people's willingness to receive salacious content on their desktop computer, but they could be putting their entire company's data at risk," said Graham Cluley, senior technology consultant at Sophos.

According to Sophos, on the third of each month, the worm will attempt to disable existing antivirus and firewall software and also will delete specific files, such as Microsoft Office documents.

Waxing or Waning Threat

The worm -- also known as Blackworm, Nyxem-D, and W32.Blackmail.E, among others -- was said by Sophos to be the most frequently sighted e-mail worm last week. Sophos statistics indicate that, within the last 24 hours alone, the worm has accounted for some 23 percent of all virus reports.

There are disagreements in the security industry about the severity of the worm, with Symantec and F-Secure taking different positions on the issue. Controversy stems from interpreting one of the worm's most intriguing features: a Web counter. Once the worm infects a new computer, it accesses a Web page on which there is a counter. The counter number increases whenever the Web page is accessed.

Andrew Jaquith, a Yankee Group senior analyst, said that most reports indicate that the counter had risen already to 700,000, which could indicate that nearly a million computers are infected.

Much of the speculation in the industry about the potential for damage done by the Kama Sutra worm centers on the counter number -- which might represent unique machines or accesses to the counter page by the same machine more than once. One of the things that is "sorely lacking" with mass outbreak malware like the Kama Sutra worm, Jaquith said, is any real sense of how many machines are compromised.

"We still don't know, for example, how many machines were really affected by the WMF vulnerability," he explained. "The antivirus vendors don't seem to know either, or are unwilling to divulge much -- possibly because it would expose gaps in their signature coverage."

Back to Old-School

To address what is so far the most expansive malware attack in 2006, speculation among security vendors and researchers has focused on the destructive nature of the worm. Unlike most viruses currently in the wild, the Kama Sutra code is not intended to reap the code writer a windfall of ill-gotten gains. The hacker designed the worm to create mayhem by destroying documents.

"The reason why experts at Sophos believe the worm is likely to have been written by an old-school hacker rather than an organized criminal is its destructive payload," Cluley explained. "That kind of destructive behavior is not typical of financially motivated worms because the damage is too obvious to the end user."

Frost & Sullivan analyst Rob Ayoub said he is not convinced that

the worm represents the work of an old-school hacker. This worm is

something that the industry has not seen in about a year. "This is just

something we haven't seen in a while. It's not a botnet or a zombie.

It's a throwback to malware that only seeks to create havoc."

ActiveX Controls

Of greater concern, said Ayoub, is the worm's ability to deceive Windows into receiving a malicious ActiveX control by providing a phony digital signature. Discovered originally by Fortinet, the worm apparently adds some 18 entries to the Windows Registry, allowing it to insert an ActiveX control that can circumvent Windows' defense mechanisms.

The development is interesting, Ayoub said, because, heretofore, the assumption has been that if a piece of software has a digital signature, then it is safe. Ayoub said Microsoft will need to take a serious look at digital-signature technologies.

"In the past, it has always been if the company signs it, then it must be authentic," Ayoub said. "Microsoft needs to look at the digital signing process or else we will see more things like this and that is pretty dangerous because that gets around some of the safeguards that are supposed to keep these things out."

Analysts are urging computer users, especially home users, to make sure that they have up-to-date antivirus software installed on their machines. "There should be no excuse for any data being lost on February 3 by this worm, but there is always the danger that some home users will not have heard that warning," Cluley said.
