Another twist has been discovered with the newest worm making the rounds: Kama Sutra can fool Windows into accepting a malicious ActiveX control by spoofing a digital signature.
The Kama Sutra worm can fool Windows into accepting a malicious ActiveX control by spoofing a digital signature, a security company said Tuesday.
Sunnyvale, Calif.-based Fortinet said the worm -- which also goes by names such as Nyxem.e, MyWife.d, Grew.a, and Blackmal.e -- adds 18 entries to the Windows Registry to slip the ActiveX control by the operating system's defenses. "By creating the following entries, the control is considered 'safe' and digitally signed," said the Fortinet advisory.
The ActiveX control, added Fortinet, is used by the worm to automatically run its code each time the PC is turned on and Windows boots.
"The threat of worms like this will make them much more dangerous in the future," said Bojan Zdrnja, an analyst for the Internet Storm Center, on the group's site. "If a worm puts a fake certificate on an infected machine, MITM [Man-In-The-Middle] attacks become extremely easy. Of course, we all know that once the machine is infected you can't trust it, but this looks like another (big) problem for the average user."
As of late Monday, the Kama Sutra worm had infected more than 630,000 systems, said the Internet Storm Center.
The worm is considered particularly dangerous because it contains code that triggers an overwrite of all .doc, .xls, .mdb, .mde, .ppt, .pps, .zip, .rar, .pdf, .psd, and .dmp files on the third of each month.
The Business of Going DigitalDigital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.