Kama Sutra Virus

Information about the 'Kama Sutra' computer worm.

Virus:   Kama Sutra (aka Nyxem.E, Grew.A, Blackmal.E, MyWife.D)

Status:   Real.

Example:   [Collected via e-mail, 2006]

Blackmal.E, a new Windows worm (which is like a virus), was discovered on January 20. It spreads as an e-mail attachment and will activate on February 3 and on the third day of every month thereafter.

Once activated, Blackmal.E will erase all Word, Excel, Access, PowerPoint, and Acrobat (PDF) documents, in addition to other file types. It is possible you are infected and do not know it yet, especially if the antivirus software on your computer has not been updated recently.

Keep in mind the worm will activate on Friday, February 3, and on the third day of every month thereafter. It is important, therefore, ALL computer users update their virus protection quickly and often — especially on home computers.

Origins:   The

Kama Sutra worm (so named because the messages it sends to replicate itself contain phrases such as “Fuckin Kama Sutra pics,” sent under subject lines such as “Crazy illegal Sex!” and “Sex Video”) is a fast-spreading e-mail worm designed to destroy Microsoft Office documents (Word, Excel, Access and PowerPoint) as well as Adobe Acrobat and Photoshop files on all hard drives connected to infected PCs.

When a recipient opens the attachment to a message generated by the worm (also known as Nyxem.E, Grew.A, MyWife.D, or Blackmal.E), a program is launched that disables anti-virus protection on the target PC. The infected PC then begins to replicate the worm by sending copies of similarly infected messages to e-mail addresses found on the victim’s hard drive.

The Kama Sutra worm does not seem intended to plant back doors on infected PCs or to steal passwords or other personal information, but simply to destroy documents. It implants a program that erases common work files from all data-storage devices connected to infected PCs on the third day of every month, with the first wave of destruction to be launched on 3 February 2006.

As usual, the defense is to make sure your PC has anti-virus software installed with up-to-date definitions, or — if your PC has already been infected — to reinstall and run an anti-virus program updated to protect against the worm.

Additional information:

W32/MyWife.d@MM!M24 W32/MyWife.d@MM!M24 (McAfee)

Last updated:   1 February 2006


  Sources Sources:

    Acohido, Byron and Jon Swartz.   “Bin Laden ‘Suicide’ Virus on Net.”

    USA Today.   31 January 2006   (p. B1).

Since 1994
A Word to Our Loyal Readers

Support Snopes and make a difference for readers everywhere.

  • David Mikkelson
  • Doreen Marchionni
  • David Emery
  • Bond Huberman
  • Jordan Liles
  • Alex Kasprak
  • Dan Evon
  • Dan MacGuill
  • Bethania Palma
  • Liz Donaldson
  • Vinny Green
  • Ryan Miller
  • Chris Reilly
  • Chad Ort
  • Elyssa Young

Most Snopes assignments begin when readers ask us, “Is this true?” Those tips launch our fact-checkers on sprints across a vast range of political, scientific, legal, historical, and visual information. We investigate as thoroughly and quickly as possible and relay what we learn. Then another question arrives, and the race starts again.

We do this work every day at no cost to you, but it is far from free to produce, and we cannot afford to slow down. To ensure Snopes endures — and grows to serve more readers — we need a different kind of tip: We need your financial support.

Support Snopes so we continue to pursue the facts — for you and anyone searching for answers.

Team Snopes