November 2006
Mon Tue Wed Thu Fri Sat Sun
« Oct   Dec »

Day 2006.11.08

Google accidentally sends out Kama Sutra worm

From our friends at Macworld:

Google accidentally sent out e-mail containing a mass mailing worm to about 50,000 members of an e-mail discussion list focused on its Google Video Blog, the company said Tuesday.

“On Tuesday evening, three posts were made to the Google Video Blog-group that should not have been posted,” Google said in a statement, posted late Tuesday night.

“Some of these posts may have contained a virus called W32/Kapser.A@mm — a mass mailing worm. If you think you have downloaded this virus from the group or an e-mail message, we recommend you run your antivirus program to remove it,” said the statement, which was attributed to the Google Video Team.

W32/Kasper.A@mm is better known as the Kama Sutra worm. Discovered in January of this year, it deletes files and registry keys on affected Windows systems. It is blocked by most antivirus software.

Google uses its Video Blog group to let subscribers know when “interesting and fun” videos have been highlighted on the Google Video Blog. E-mail to the group’s mailing list are posted by a handful of Google employees, called Google Video Team

This team was responsible for sending out the malicious e-mail Tuesday night, said Gabriel Stricker, a Google spokesman.

Stricker did not have any more details on how Google ended up distributing the worm code, but he said that internal protocols are now in place to prevent this from happening again.

It’s about time those smug, self-satisfied Google users joined the real world instead of living a “security doesn’t matter” fantasy land.

Google, as you know, is powered through invisible programs that live on every personal computer. And yet despite this massive security hole, Google users have continued to believe that they were immune to viruses, worms, and other security threats that only I, as a columnist, could see coming.

They perform search after search, day after day, believing they’re better than those of us who use Alta Vista, which as you know is the world’s leading search engine and therefore used by all people who are smart enough to read IT columns. Even this blatant example of how using Google can completely destroy your systems is unlikely to awaken them from their cult-induced sense of superiority.

When contacted for comment, Google’s spokesperson, who said things I don’t believe and therefore was obviously lying, said that this heinous security breach had nothing to do with the Google search engine, even though the names are exactly the same. But I saw my good hacker friends take over a system that had Google running on it at the time, so this misdirection doesn’t fool me, and it shouldn’t fool you either.

I can tell you this without revealing details of all the secret demos I want you to believe I’ve watched and perhaps understood: this should be a glass of water in the face of all those insufferable Google users. Using Google makes you just as likely to get a virus (or, as I more correctly call them, “thromboses”) as if you use Windows or ATM machines. I know it won’t wipe the smirks off their faces, but I’ll still go to bed tonight muttering to myself as if it would.

[OK, ZDNet – can we have the column gig now?]