by CIO Staff

Google Accidentally Sends Kama Sutra Worm

Nov 08, 20062 mins

Google accidentally sent out e-mail containing a mass mailing worm to about 50,000 members of an e-mail discussion list focused on its Google Video Blog, the company said Tuesday.

“On Tuesday evening, three posts were made to the Google Video Blog-group that should not have been posted,” Google said in a statement, posted late Tuesday night.

“Some of these posts may have contained a virus called W32/Kapser.A@mm—a mass mailing worm. If you think you have downloaded this virus from the group or an e-mail message, we recommend you run your antivirus program to remove it,” said the statement, which was attributed to the Google Video Team.

W32/Kasper.A@mm is better known as the Kama Sutra worm. Discovered in January, it deletes files and registry keys on affected systems. It is blocked by most antivirus software.

Google uses its Video Blog group to let subscribers know when “interesting and fun” videos have been highlighted on the Google Video Blog. E-mails to the group’s mailing list are posted by a handful of Google employees, called Google Video Team.

This team was responsible for sending out the malicious e-mail Tuesday night, said Gabriel Stricker, a Google spokesman.

Stricker did not have any more details on how Google ended up distributing the worm code, but he said that internal protocols are now in place to prevent this from happening again.

Google has seen a growing number of technical glitches lately, something observers are attributing to the company’s breakneck growth over the past few years. One month ago, hackers found a way to publish a fake poston Google’s official blog. The company also experienced service disruptions with its Blogger service recently that have left some users fuming.

Still, Google isn’t the only company to accidentally distribute malware on a mailing list, according to Graham Cluley, a senior technology consultant with security vendor Sophos. “Even mailing lists run by security firms have sometimes accidentally had malware posted to them, ” he said in an e-mail interview. “But everyone can learn a lesson.”

-Robert McMillan, IDG News Service (San Francisco Bureau)

Related Link:

  • Official Google Blog Hacked

Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.