Kama Sutra infection rates over inflated

31.01.2006
Original infection estimates for the Nyxem virus - also nicknamed the Kama Sutra worm- are grossly inflated, according to Sophos Labs. A more realistic infection figure is 260,000 instead of the original estimate of two million infections.

Sophos senior technical consultant Sean Richmond said the latest information from the SANS institute (US) shows the virus works by triggering a Web page hit to re-run the code every hour.

This has inflated the number of infected computers because multiple hits are being detected on the worm's homepage.

Richmond said the Sans Internet Storm Center has since been in contact with the hosting company, with both analyzing traffic data to find the source IP address.

"Nyxem uses a counter on the Web site it updates to," Richmond said.

"Initially it looked like it had large infections but it appears to be multiple hits from the same IP address so it appears it is running a Web counter and part of the reason for the interest was such large infection numbers, but it appears to be multiple hits from the same IP address on the Web site counter.