Windows PC users infected with worm face loss of all Microsoft, Adobe files; Mac users unaffected

“A fast-spreading e-mail worm is raising alarms because its sole purpose is to obliterate the everyday working documents widely used by consumers, students and businesses. The Kama Sutra worm — also referred to as Nyxem.E and Grew.A — is unnerving because, unlike other e-mail worms, it appears to be detached from any profit motive. It is designed to destroy all Microsoft Word, Excel, Access and PowerPoint documents and Adobe Acrobat and Photoshop files on all hard drives connected to an infected PC,” Byron Acohido and Jon Swartz report for USA Today. “The worm appears in e-mail in-boxes with subject lines such as ‘hot movie,’ ‘A Great Video’ or ‘Crazy illegal Sex!’ enticing the recipient to click on an attachment. One variation makes reference to the ancient Sanskrit book on sexual positions.”

“By clicking on the attachment, the victim launches a program that disables anti-virus protection. The infected PC then begins to send copies of similarly tainted e-mail to every e-mail address on the victim’s hard drive,” Acohido and Swartz report. “But while most e-mail worms also plant a back door to give an intruder control of the PC, or a program to steal log-ons and passwords, this worm’s sole purpose is destruction. It implants a program to erase common work files on the third day of the month, hitting even external data-storage devices connected to the infected PC. IDefense, a VeriSign company, confirmed the deletion program works. More than 500,000 PCs are believed to have been infected since it first appeared on Jan. 16. That’s a modest infection rate, but victims face grim consequences. On Friday — Feb. 3 — any infected machines will lose all Microsoft documents and Adobe files.”

Full article here.
Presumably because they can’t report correctly or they think everyone uses Windows or perhaps because USA Today derives much more advertising revenue from Windows-related companies such as HP, Dell, Microsoft, etc. than from Apple Mac-related entities, Acohido and Swartz neglect to mention how Mac users are affected by this nasty worm. Amazingly the duo can’t muster one single mention between them for their readers that 20+ million Mac OS X users are unaffected. Who said two heads are better than one? All it would’ve taken was a single simple sentence: “Macs are unaffected.” Instead, nothing; although it’s certainly newsworthy and would be news to many of their readers that Mac users are immune to this destructive worm. They don’t even state it’s a Windows problem! This article (and others like it) protects Microsoft and hurts Apple by omitting easily reportable facts.

So, while we understand the situation, let’s all feign ignorance, so that the “reporters” and USA Today will see the confusion they have caused. Perhaps a few email questions will help USA Today to properly report the basics in the future, so that tomorrow’s fish-wrap readers will be able to see for themselves this simple fact:

Macintosh. Because life’s too short.

Here’s a simple email example:

Dear USA Today,

I read your article “E-mail worm bent only on destruction” today with great alarm. I have many Adobe and Microsoft files on my PC and I certainly do not want them all to be deleted on February 3rd. I am very worried about possible infection. Your article didn’t mention which kind of computers are at risk. Can you please tell me if my Apple Macintosh is affected by this destructive worm?

Thank you very much,
Mr. or Mrs. Fish Wrap Reader

Contact information:
Online form for USA Today Letter to the Editor
Byron Acohido:
Jon Swartz:

62 Comments

  1. Here’s what I sent:

    >> Your 01/30/06 Tech article “E-mail worm bent only on destruction” by Byron Acohido and Jon Swartz <http://www.usatoday.com/tech/news/computersecurity/2006-01-30-email-virus_x.htm> was brought to my attention. I see it was Posted 1/30/2006 10:04 PM and Updated 1/30/2006 10:29 PM. Could you please update it again to clarify if _all_ PCs are at risk, including Macintosh personal computers, or just Windows PCs. Could you also increase the size of your Feedback box — it is ridiculously small. Thanks. <<

    When I hit the Submit button, I too rec’d the “Server Error in ‘/’ Application. A potentially dangerous Request.Form value was detected” msg, so I removed the URL I was trying to include and was able to send my feedback. I think it is vitally important that we demand that the media and reporters be accurate when they write about viruses, et al. I mean, Vista isn’t even shipping yet, yet viruses have already been written for its Beta! Yet Mac OS X has been out five years and hasn’t been hit yet. The generalization of viruses and all PCs needs to stop.

  2. Fish wrap

    Ha! I haven’t heard this description for a “rag” in a long time.

    It comes from the fact that some oriental people (and probably others) use newspaper to wrap dead fish in at markets.

    Some “free” newspapers purposely place a lot of their papers at these locations in order to artificially increase their circulation.

    Now a “rag” is a pretty degrading term for a newspaper; it stems from the days when newspapers were made with recycled cotton.

    The recycled cotton came from used underwear

    So basically calling a newspaper a “rag” means it’s “shitty”.

    LOL

  3. I added the following to the MDN suggested letter:

    Dear Editor,

    I read your article “E-mail worm bent only on destruction” today with great alarm. I have many Adobe and Microsoft files on my PC and I certainly do not want them all to be deleted on February 3rd. I am very worried about possible infection. Your article didn’t mention which kind of computers are at risk. Can you please tell me if my Apple Macintosh Powerbook G4 running Mac OSX 10.4.4 without an anti-virus application is affected by this destructive worm?

    Thank you very much,
    Mr. or Mrs. Fish Wrap Reader

  4. As I read about how poorly coded Windows is, I can’t help but wonder what is up with the MS software engineers.

    How could such a huge product from a huge company be so poorly written?

    Bashing aside, there must be reasons!!!

    Are MS employees disgruntled with the company?
    Are the security holes intentional?
    Did someone at MS sabotage Windows? Maybe felt bad about the Apple-MS “agreement”.

    Anyone?

  8. I will admit (I’m sure to the great satisfaction of many here) that we were hit by this virus. A developer from India launched the attachment (yes, we traced it to him – everything in our network is logged) and it installed on his system because, of course, he’s a developer and he _needs_ local admin rights. And from there it spread to his immediate peers – some of whom trusted it because it came from him. Those who did _not_ have admin rights to their systems (which is the company standard) did not get infected even if they clicked on it.

    About 30 minutes after the developer got hit we received an email alert from Symantec about the worm (we didn’t even know that he was infected). We manually updated our parent AntiVirus server (which is set to check Symantec for updates every four hours) and got the new AV definitions. Within 30 minutes all 5,000 of our systems (distributed throughout the US) had received the new defs and were protected.

    In all, 8 systems were infected – and none of them lost any data.

    So – for corporations with a functioning IT department at least – no biggie.

  9. Windows is a 32-bit extension to a 16-bit graphical shell for an 8-bit operating system originally coded for a 4-bit microprocessor by a 2-bit company that can’t stand 1 bit of competition.

  10. ********** ********** ********** **********
    BE CAREFUL – THIS ONE MAY ALSO DESTROY FILES ON MACS
    (If they are sharing drives with infected Windows machines)
    ********** ********** ********** **********

    I plan to do the following on my Mac servers:
    1). Do a full backup.
    2). Turn off SMB, FTP and WEBDAV write for the 2nd, 3rd and 4th.
    3). Show WinSCP to the Windows users who need access.
    4). Consider writing a script to search for files that have been destroyed (start with “DATA Error [47 0F 94 93 F4 F5]” string).
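
A sketch of the search script proposed in step 4 above, as an added example that is not part of the original comment. It assumes an overwritten file carries the quoted marker string near its start, and the extension list is an assumption mapped from the file types the article names; the sample files are constructed.

```python
import os
import tempfile

# Marker string quoted in the comment above; overwritten files are assumed
# (per that comment) to carry it in place of their original content.
MARKER = b"DATA Error [47 0F 94 93 F4 F5]"
# Assumed extensions for the file types the article names (Word, Excel,
# Access, PowerPoint, Acrobat, Photoshop); adjust for your own shares.
TARGET_EXTS = {".doc", ".xls", ".mdb", ".ppt", ".pdf", ".psd"}
HEAD_BYTES = 256  # only the head is read, so large shares scan quickly


def is_overwritten(path):
    """True if the head of the file contains the marker string."""
    try:
        with open(path, "rb") as fh:
            return MARKER in fh.read(HEAD_BYTES)
    except OSError:
        return False  # unreadable files are skipped, not flagged


def find_overwritten(root):
    """Walk root and return sorted paths of targeted files carrying the marker."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.splitext(name)[1].lower() in TARGET_EXTS and is_overwritten(path):
                hits.append(path)
    return sorted(hits)


def demo():
    """Build a constructed sample share in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as share:
        samples = {
            "report.doc": MARKER,              # overwritten
            "budget.XLS": MARKER + b"\r\n",    # extension match ignores case
            "intact.pdf": b"%PDF-1.4 sample",  # healthy file
            "notes.txt": MARKER,               # not a targeted type
        }
        for name, data in samples.items():
            with open(os.path.join(share, name), "wb") as fh:
                fh.write(data)
        return [os.path.basename(p) for p in find_overwritten(share)]


if __name__ == "__main__":
    print(demo())
```

Run against a share after the trigger date, the returned paths are the files to restore from the backup taken in step 1.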

  11. Perhaps Windows users are epinephrine-deprived persons who crave the inherent dangers of Microsoft and the rush of never knowing what will ensue with the next key stroke.

  12. What happens if on Thursday, you set the system date to the 1st, on Friday startup it will be the 2nd, at the end of the day prior to shutting down you set the date to the 4th and correct the date on Saturday or the next startup ??

    I think therefore I’m not sure

  13. Johnny Motel,

    as an ageing Brit, I was also intrigued by the reference to fish, because up until the 1970’s our favourite fast food, fish n’ chips, was always wrapped in newspaper – and you often found yourself reading while eating.

    Those two journalists have received a lot of emails – including one each from me.
