Blackworm, KamaSutra, Grew, MyWife: call the slimy worm what you will. If
you have it, you know it already as you’ve likely lost most of your content
Security experts have been warning
for over a week that the worm designated CME-24 and known by various other
more colorful names was set to deliver its nefarious payload today.
On victims’ PCs, CME-24 overwrote at least 11 different file types,
including all .doc, .xls, .ppt/.pps and .pdf files, among others.
Security firm LURHQ reported that the total number of
users infected worldwide is close to 600,000. E-mail security firm Postini
reported that over the course of this week, CME-24 and its variants were
numbering approximately 200,000 intercepted messages every day.
Yet despite all the clamor, CME-24 is not the most active virus, at least according to Finnish security firm F-secure. It reported CME-24 as only the third most virulent virus detected in the last 24 hours at
A Netsky variant came in second at 16 percent and a bagle
variant placed first at 24.8 percent.
It is also unclear at this point exactly how much actual damage the CME-24 virus caused.
Ken Dunham, director of the Rapid Response Team at iDefense, reported that
a significant percentage of infected computers was successfully cleaned of
the worm before the Feb. 3rd over-write date, largely due to security expert
and media efforts to date.
All major security vendors updated their
anti-virus signatures long before today in order to protect users
against the worm.
The well-publicized payload delivery date likely helped limit the worm’s
total damage. Dunham noted that the deadline gave vendors and users time to
identify and remove the threat, which many did successfully.