Another twist has been discovered with the newest worm making the rounds: Kama Sutra can fool Windows into accepting a malicious ActiveX control by spoofing a digital signature.
The Kama Sutra worm can fool Windows into accepting a malicious ActiveX control by spoofing a digital signature, a security company said Tuesday.
Sunnyvale, Calif.-based Fortinet said the worm -- which also goes by names such as Nyxem.e, MyWife.d, Grew.a, and Blackmal.e -- adds 18 entries to the Windows Registry to slip the ActiveX control by the operating system's defenses. "By creating the following entries, the control is considered 'safe' and digitally signed," said the Fortinet advisory.
The ActiveX control, added Fortinet, is used by the worm to automatically run its code each time the PC is turned on and Windows boots.
"The threat of worms like this will make them much more dangerous in the future," said Bojan Zdrnja, an analyst for the Internet Storm Center, on the group's site. "If a worm puts a fake certificate on an infected machine, MITM [Man-In-The-Middle] attacks become extremely easy. Of course, we all know that once the machine is infected you can't trust it, but this looks like another (big) problem for the average user."
As of late Monday, the Kama Sutra worm had infected more than 630,000 systems, said the Internet Storm Center.
The worm is considered particularly dangerous because it contains code that triggers an overwrite of all .doc, .xls, .mdb, .mde, .ppt, .pps, .zip, .rar, .pdf, .psd, and .dmp files on the third of each month.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.