Few reports of damage to computers were reported Friday as a result of the a mass-mailing Kama Sutra worm, according to Symantec Security Response.
The worm, also known as W32.Blackmal.E@mm, attempted to deliver a payload that would overwrite user files such as Microsoft Office and PDF documents, a Symantec report said.
While investigating the workings of the payload, Symantec researchers determined that a flaw in the worm prevents it from doing damage to newer computers.
When Blackmal.E searched computer drives to find files to overwrite, the worm would skip the first drive and then try to overwrite files on the next drive. This meant that if a computer had a floppy drive (A:), it would skip it and move onto the next drive, which would generally be the user’s hard drive (C:), the report said.
However, if the computer did not have a floppy drive, which was common in newer machines, the first drive would be the hard drive (C:) which the worm would skip and try to overwrite files to the next drive (D:). In many cases this would be a CD/DVD ROM, which the worm would not be able to access and the process would then abort, the report said.
Symantec believed that the lack of damage could also be attributed to the availability of updated antivirus definitions for weeks in advance of the February 3 deadline.
User awareness, updating antivirus definitions and cleaning up infections ahead of the payload date also helped, the report said.
Symantec rated Kama Sutra as a Category 2 threat on a scale of 1 to 5 with 5 being the most severe. Kama Sutra attempts to disable and remove Internet security software. The worm is programmed to execute on the third day of every month. March 3 is the next target day.
“Even if data is safe, users infected should get a removal tool to clean and repair their systems,” said Vincent Weafer, senior director at Symantec Security Response.
Symantec recommends that users: