Google accidentally sends out Kama Sutra worm
The least-loved item in 50,000 in-boxes today
IDG News Service - Google Inc. accidentally sent out e-mail containing a mass mailing worm to about 50,000 members of an e-mail discussion list focused on its Google Video Blog, the company said Tuesday.
"On Tuesday evening, three posts were made to the Google Video Blog-group that should not have been posted," Google said in a statement, posted late Tuesday night.
"Some of these posts may have contained a virus called W32/Kapser.A@mm -- a mass mailing worm. If you think you have downloaded this virus from the group or an e-mail message, we recommend you run your antivirus program to remove it," said the statement, which was attributed to the Google Video Team.
W32/Kasper.A@mm is better known as the Kama Sutra worm. Discovered in January of this year, it deletes files and registry keys on affected systems. It is blocked by most antivirus software.
Google uses its Video Blog group to let subscribers know when "interesting and fun" videos have been highlighted on the Google Video Blog. E-mail to the group's mailing list are posted by a handful of Google employees, called Google Video Team
This team was responsible for sending out the malicious e-mail Tuesday night, said Gabriel Stricker, a Google spokesman.
Stricker did not have any more details on how Google ended up distributing the worm code, but he said that internal protocols are now in place to prevent this from happening again.
Google has seen a growing number of technical glitches lately, something observers are attributing to the company's breakneck rate of growth over the past few years. One month ago, hackers found a way to publish a fake post on Google's official blog. The company also experienced service disruptions with its Blogger service recently that have left some users fuming.
Still, Google isn't the only company to accidentally distribute malware on a mailing list, according to Graham Cluley, a senior technology consultant with security vendor Sophos PLC. "Even mailing lists run by security firms have sometimes accidentally had malware posted to them, " he said in an e-mail interview. "But everyone can learn a lesson."
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Malware and Vulnerabilities White Papers | Webcasts