First Y2K, now Kama Sutra. Media whipped into a frenzy by anti-virus vendors who outdid each other predicting the end of computing as we know it… or did they?

Boston Herald:

“A lot of these Trojans and mass-mailer worms come from either porn sites or free MP3 sites where people are trying to find free files or software,” said David Frazer, director of the North America technologies group for F-Secure Corp., a security software firm.

“As each individual user is infected, the worm will connect to a Web page that includes a counter so the hacker can see how many computers were hit. That number was about 300,000 as of yesterday,” Frazer said.

“Three hundred thousand in the world of PCs doesn’t sound like much, but because of their e-mails, it can (propagate) to 15 million PCs,” he said.

The opening bid was raised by the time Monsters & Critics reported:

The worm is thought to have infected as many as 500,000 computers, mostly in India, Peru, Turkey and Italy, according to Mikko Hypponen, chief research officer for security company F-Secure Corp.

Meanwhile, a/v vendor CA has ranked the overall threat risk from the virus as low since 17 January 2006. Microsoft and Email Battles agreed that, at worst, EB erred on the side of caution, recommending that network managers pre-start workstations before physically attaching to networks, just in case.

By that time, however, it was too late for reason. The story about a virus catching millions of porn addicts red handed was simply too juicy to resist. The media ran with it.

So the shoe dropped. The virus erupted and… what happened? Some after-the-fact reports…

  • CBC News: Kama Sutra virus fizzles in Japan, Hong Kong:
    Experts said there were no reports of problems caused by the so-called Kama Sutra virus in the Asian financial centres Hong Kong and Tokyo.

  • PC Mag: Blackworm/Kama Sutra Virus Goes Bust:
    Rather than disabling up to 500,000 PCs that were expected to be infected, the virus had hit only a few thousand computers by midday in continental Europe, mostly from individual consumers, according to several computer security firms.

  • BBC NEWS: ‘Limited’ damage from Nyxem virus:
    The Indian chapter of the Computer Emergency Response Team said … no-one was reporting data losses. Similarly, computer security workers in Australia, Hong Kong and Japan said damage was light to non-existent … MessageLabs suggested that the number of infected machines pumping out copies of the virus had fallen to about 20,000 from the earlier high.

  • Forbes reports that some are still skeptically waiting:
    “It’s well past the deadline but we haven’t confirmed any cases of the Kama Sutra in Japan, which suggests we’re not looking at a major outbreak,” said Itsuro Nishimoto, an executive at Tokyo-based computer security company LAC Corp.

And what have we learned?

Next time a major security scare hits, pay attention to who the news outfits are quoting. All too often it’s the same source. Another case of deja vu all over again.

Aliases: CME-24, Blackmal.F, Grew.A, Kama Sutra, Kapser.A, MyWife.d, MyWife.E, Nyxem-D, Nyxem.e, Nyxem.F, Small.KI, Tearec.A, VB.bi, VB.NEI, VB-CD, VB.CIL, VB-8 and KillAV.GR.