Cyren Security Blog

Kama Sutra Virus – a position you don’t want to get into…

Partner Cyberoam* brought this one to our attention. The kamasutra virus is being transferred in the form of a downloadable PPT/PPS file link. When the “presentation” (actually an exe file) is opened, users are treated to “illustrated” Kama Sutra positions. In the background the malicious code installation is started along with several other activities.

Commtouch’s Command Antivirus detects the file as W32/Backdoor2.HDIT. We ran the file through our sandbox, which gave the following report:

  • Files Created:
    • C:\Documents and Settings\user\Local Settings\Temp\1.tmp\Real kamasutra.pps
    • C:\Documents and Settings\user\Local Settings\Temp\1.tmp\Real kamasutra.pps.bat
    • C:\Documents and Settings\user\Local Settings\Temp\1.tmp\acrobat.exe
    • C:\Documents and Settings\user\Local Settings\Temp\1.tmp\jqa.exe
  • Executes: “C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE” /s “C:\Documents and Settings\user\Local Settings\Temp\1.tmp\Real kamasutra.pps” – this is the part where (lucky?) recipients actually get to see the PowerPoint file.
  • Autostart capabilities: This executable registers processes to be executed at system start. This could result in unwanted actions to be performed automatically.
  • Changes security settings of Internet Explorer: This system alteration could seriously affect safety surfing the World Wide Web.
  • Creates files in the Windows system directory: Malware often keeps copies of itself in the Windows directory to stay undetected by users.
  • Executes: cmd /c “”C:\Documents and Settings\user\Local Settings\Temp\1.tmp\Real kamasutra.pps.bat” “
  • Creates a hidden folder: c:\windows\~hpcc1230
  • Modifies the registry not to show hidden files.
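
The file and process events in a report like this can be triaged automatically; the following Python is an added example, not Commtouch's sandbox or detection logic. The extension lists, the function names and the sample paths (modeled on the report, with path separators assumed) are choices made for the illustration.

```python
import ntpath
import re

# Extension sets are assumptions for this example; tune them for your fleet.
DOC_EXTS = {".pps", ".ppt", ".doc", ".xls", ".pdf"}
EXEC_EXTS = {".exe", ".bat", ".cmd", ".scr", ".com", ".pif", ".vbs"}


def classify_path(path):
    """Return the reasons a created-file path looks like dropper output."""
    directory, name = ntpath.split(path)
    stem, ext = ntpath.splitext(name.lower())
    inner_ext = ntpath.splitext(stem)[1]
    parts = [p.lower() for p in directory.split("\\")]
    reasons = []
    if ext in EXEC_EXTS and inner_ext in DOC_EXTS:
        reasons.append("document name with executable extension")
    if ext in EXEC_EXTS and "temp" in parts:
        reasons.append("executable written under Temp")
    return reasons


def classify_cmdline(cmdline):
    """Flag a process launch whose quoted arguments include a suspicious path."""
    reasons = []
    for quoted in re.findall(r'"([^"]+)"', cmdline):
        reasons.extend(classify_path(quoted))
    return sorted(set(reasons))


def triage(created_files, cmdlines):
    """Map each suspicious event to its reasons; clean events are omitted."""
    scored = [(p, classify_path(p)) for p in created_files]
    scored += [(c, classify_cmdline(c)) for c in cmdlines]
    return {event: reasons for event, reasons in scored if reasons}


# Constructed sample events modeled on the report (path separators assumed).
TEMP = r"C:\Documents and Settings\user\Local Settings\Temp\1.tmp"
CREATED = [TEMP + r"\Real kamasutra.pps", TEMP + r"\Real kamasutra.pps.bat",
           TEMP + r"\acrobat.exe", TEMP + r"\jqa.exe"]
LAUNCHED = ['cmd /c "' + TEMP + r'\Real kamasutra.pps.bat"',
            r'"C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE" /s "'
            + TEMP + r'\Real kamasutra.pps"']

if __name__ == "__main__":
    for event, reasons in triage(CREATED, LAUNCHED).items():
        print(event, "->", "; ".join(reasons))
```

The decoy presentation and the PowerPoint launch are not flagged on their own; the batch file, the two executables in Temp and the cmd launch of the batch file are.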

Yes… we’ve included a screenshot (but this is a family-oriented blog so we made it less interesting).

*Cyberoam is a division of Elitecore Technologies and the innovator of identity-based Unified Threat Management (UTM) solutions.
