By David Garrett
The Kama Sutra worm, also called W32/Kapser.A@mm by some security companies, was sent out by e-mail last Wednesday to some 50,000 users of Google's Video Blog group. Security experts say the worm is not a significant threat to people who have current antivirus updates installed on their computers, given that the Kama Sutra worm has been around for quite some time.
The virus is a worm -- a small program that can replicate itself, in this case by hijacking a user's e-mail system and sending itself to the user's correspondents.
The Kama Sutra worm arrives as a pornographic e-mail -- hence its name, a reference to an ancient Sanskrit text on sex believed to be written sometime between the first and sixth centuries A.D.
But oddly enough, the Kama Sutra virus -- and not just the ancient book it was named for -- is long in the tooth. The virus was first released in the early part of 2006, meaning that most companies have long since updated their antivirus programs to detect it.
Google's Video Blog Group is maintained by Google employees. Precisely how the worm slipped onto their machines is unknown.
Danger or Dud?
Expert Natalie Lambert said that few companies should be affected by Google's mishap. "Any enterprise worth its salt has been updating its antivirus components," she said. "They do this on a daily basis."
But according to Lambert, the picture for consumers was less sanguine. "The problem," she said, "is if you think about who the Google e-mail video group is likely to be, it's a lot of consumers. And consumers are the least likely to update their antivirus signatures."
In fact, many consumers don't invest in antivirus programs at all, according to Lambert. Instead, they leave their systems exposed to well-known attacks that can be simply and quickly prevented -- attacks for which a defense was formed months ago.
Heal Thyself
Even those who do own antivirus programs often fail to update them frequently.
Lambert noted that next-gen security products from Microsoft, Symantec, McAfee, and other companies address this problem by looking at new strategies for antivirus protection.
Instead of selling users standalone software and expecting them to update it themselves, or even respond to update alerts that software vendors provide, products such as Microsoft's Windows Live OneCare build greater automation -- and thus greater protection -- into their systems.
"That's what consumers need," said Lambert. "They need to be handed something that will essentially fix itself."
[TELECOM Digest Editor's Note: Maybe some of you have noticed that Grisoft AVG anti-virus is no longer going to have a *free edition* after early in January, 2007. If we want to use it, we will need to pay for it effective after next month. PAT]