File-Destroying Worm Causes Little Damage So Far

A file-destroying computer worm set to activate Friday caused relatively little damage in Asia and Europe, although one Italian city shut down computers as a precaution.

Hundreds of thousands of computers were believed to be infected, but many companies and individuals had time to clean up their machines this week after security vendors and media outlets warned of the "Kama Sutra" worm.

"It's been pretty quiet," said Mikko Hypponen, chief research officer for Finnish security company F-Secure Corp. "We know the word is out there."

In Milan, Italy, technicians switched off 10,000 city government computers after discovering the infection Thursday and deciding they didn't have enough time to clean the machines.

"It has spread to all our computers," said Giancarlo Martella, Milan's councilman for technological innovation and public services. "Knowing how destructive it is, we turned off all personal computers to avoid losing our data."

Only the municipality's registry office had been kept open because its "passive terminals" don't store data, Martella said, adding he hoped the computers would return to normal by Monday.

Experts had warned earlier that the worm, also known as "CME-24," "BlackWorm," or "Mywife.E," could corrupt documents using the most common file types, including ".doc," ".pdf," and ".zip." The worm, nicknamed after the Hindu love manual Kama Sutra because of the pornographic come-ons in e-mails spreading it, affects most versions of Microsoft Corp.'s Windows operating system, prompting the software giant to issue a warning Tuesday.

Although the worm tries to disable anti-virus software, vendors have generally posted updates that should protect users.

Security vendors Trend Micro Inc. and CA Inc. both assessed the overall risk and distribution as low. The worm wasn't expected to spread any more quickly Friday. Rather, Friday was the first trigger date for the file-destroying code.

"It's well past the deadline but we haven't confirmed any cases of the Kama Sutra in Japan, which suggests we're not looking at a major outbreak," said Itsuro Nishimoto, an executive at Tokyo-based computer security company LAC Corp.

A manager at Hong Kong's official coordination center for computer emergencies said he had not received any reports or calls for help from those infected by the worm.

"It began spreading late last month but we haven't received any calls in the past two weeks," Roy Ko said. "We don't expect to receive any today, either."

Ajit Pillai, India's manager for U.S. security firm Watchguard Technologies Inc., said about 10 percent of his customers in the country had the worm, but they "followed the remedies and managed to avoid any problem."

"We didn't have to do any firefighting today," Pillai said.

Unlike other worms generally designed to help spammers and hackers carry out attacks, Kama Sutra could inflict more damage because it sets out to destroy documents.

"This virus is nowhere near as widespread as some of the (recent virus) cases," Hypponen said. "The reason it's talked about is because it's more destructive."

He said damage is high among those hit, but many businesses should already be protected by anti-virus software. Home users and smaller companies without the latest software updates may be more vulnerable.


Associated Press writers Ariel David in Rome, Sylvia Hui in Hong Kong and S. Srinivasan in Bangalore, India, contributed to this report.

Copyright 2005 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.