The worm has the potential to wipe out user data and "significantly compromise corporate servers," warned security researchers at storage management firm Acronis. The company's security team recommends that firms have not only a current backup image of their hard drives, but also up-to-date anti-spyware and anti-virus software.
Acronis marketing director Stephen Lawton said IT managers and users can put policies in place so that they are protected should a computer become infected: "We strongly recommend that all users create an image of their computer systems before the damage is done and keep those images up to date by regularly backing up their systems. That way, if your system is damaged by a virus or other disaster, you will be able to restore the system to a known, working condition in minutes, not hours or days."
The Kama Sutra Worm, also called Tearec.A, Nyxem or Blackmal, began to spread to computers worldwide two weeks ago through emails alluding to erotic content, and is programed to activate on the third of every month. It is designed to delete files with certain extensions, and disable certain security products.
"The main priority now is to minimize the effect of this worm," said Luis Corrons, director of PandaLabs. "Therefore, the usual recommendations apply: keep security solutions up-to-date and scan the entire system to ensure that it is free from threats."
If a user runs one of the Kama Sutra attachments, the worm begins to spread using its own SMTP engine, starts deleting files related to security tools installed on the system or on accessible remote systems if the computer is part of a network. In addition, on the third of every month, it tries to disable files with certain extensions (.doc, .xls, .mdb, .ppt, .zip, .rar, .pdf, or .psd, among others), corresponding to some of the most widely used applications such as Microsoft Word, Excel, Access, PowerPoint, Acrobat Reader or Adobe Photoshop. Another notable characteristic is its use of a counter on a web page to register the number of infections.
"It is difficult to evaluate the impact of this worm because the counter in itself is not a good reference," added Corrons. "It seems that many registries in the counter have been from the same IP, so the total number of infections would be considerably less than indicated. Nevertheless, Kama Sutra is still a significant threat - this is why we are on staying alert on the date of activation."