Anna Kournikova bug drops harmlessly onto the Net

'Potentially devastating': you cannot be serious!


Much like the tennis star herself, the Anna Kournikova worm created a lot of interest and attention when it hit the Net - but lacks anything like a powerful smash.

As we previously reported, an Internet-based email worm that masquerades as a picture of tennis star Anna Kournikova is spreading fast after being unleashed on the Internet yesterday. MessageLabs, which scans its users' email for malicious code, has intercepted 20,000 copies of the worm since yesterday.

However, VBS/SST, or the Anna Kournikova worm as it has been called, has failed to create anything like the trail of destruction caused by the similar Love Bug virus.

Security experts said part of the reason for this is that network administrators have closed the security loopholes that allowed Visual Basic scripting worms, like the Love Bug and VBS/SST, to overwhelm email servers, though many think security is as lax as ever.

Far more important in limiting the damage caused by VBS/SST is that it carries a relatively weak payload.

The worm comes in an email with the subject line "Here you have, ;o)" and an attachment called AnnaKournikova.jpg.vbs. The virus is activated by the user clicking on the attachment, after which it emails itself to everyone in a user's Microsoft Outlook address books.
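
The disguise described above is a script extension hidden behind a decoy image extension. The following mail-gateway style check is an added example, not code from the article or from any vendor it quotes; the extension lists, function names and sample message are assumptions constructed for illustration.

```python
from email import message_from_string, policy

# Assumed policy lists (not from the article); tune them for your gateway.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".scr", ".pif",
               ".bat", ".cmd", ".exe"}
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".bmp", ".txt", ".doc", ".pdf"}
KNOWN_SUBJECT = "Here you have, ;o)"  # subject line quoted in the article

def classify_filename(name):
    """Return 'double-extension', 'script' or 'ok' for an attachment name."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower()
    # Strip padding around each dot-separated part: runs of spaces can push
    # the real extension out of view, and Windows ignores trailing dots.
    parts = [p.strip() for p in base.rstrip(". ").split(".")]
    exts = ["." + p for p in parts[1:]]
    if not exts or exts[-1] not in SCRIPT_EXTS:
        return "ok"
    if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
        return "double-extension"
    return "script"

def scan_message(raw):
    """Parse a raw message; return (subject_matches, flagged_attachments)."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()
        verdict = classify_filename(filename) if filename else "ok"
        if verdict != "ok":
            findings.append((filename, verdict))
    subject = str(msg.get("Subject", "")).strip()
    return subject == KNOWN_SUBJECT, findings

# Constructed sample message; the attachment body is a harmless placeholder.
SAMPLE = """\
Subject: Here you have, ;o)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain

constructed body text
--BOUND
Content-Disposition: attachment; filename="AnnaKournikova.jpg.vbs"

placeholder, not worm code
--BOUND--
"""
```

The filename verdict is the durable signal; the subject match only catches this one variant and is trivially changed by a worm kit.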

McAfee, a division of security firm Network Associates, reports that the virus has been found in 50 enterprise-size companies, including Fortune 500 firms; however, we could only confirm that relatively small firms like travelfusion, religious organisation New Directions and gambling site flutter.com had been affected by the bug.

Moshe Rafiah, travelfusion's chief executive, told The Register that he was the only person at the online travel etailer to be caught out by the worm, and that he was able to disinfect his machine by downloading the latest virus definitions from Symantec.

Paul Rogers, a network security analyst at MIS Corporate Defence, said a lot of users learnt lessons from the Love Bug and put restrictions on Visual Basic scripting that prevented the spread of such viruses.

"This will only catch out companies that haven't got it right," said Rogers.

Andre Post, a senior researcher at Symantec, said that the main effects of the virus have been seen in the US, where "a few companies have shut down their web servers as a precautionary measure".

The spreading routine of VBS/SST is different from that used by the Love Bug, said Post, who added that the bug was created using a worm creation tool, called "[K]Alamar's Vbs Worms Creator", from a virus exchange site.

Post added that the toolkit is easy to use and requires no particular skill, and that the virus's attempt to direct a victim's web browser to a Dutch Web site, called dynabyte.nl, on January 26 mimics earlier self-replicating viruses produced using the kit. ®

Infection Removal

To remove the worm from a system, Russian anti-virus experts Kaspersky Labs have issued the following instructions:
1. Delete the "AnnaKournikova.jpg.vbs" file from the Windows system folder;
2. Delete the following Windows system registry keys:
HKEY_CURRENT_USER\Software\OnTheFly
HKEY_CURRENT_USER\Software\OnTheFly\mailed
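
A report-only check for the leftovers named in the removal steps above, as an added example that is not Kaspersky's or the article's code. The function names, the search folders and the choice to test each registry path as either a key or a value are assumptions made here.

```python
import os

WORM_FILE = "AnnaKournikova.jpg.vbs"           # file name from the article
HKCU_PATHS = [r"Software\OnTheFly",            # registry paths from the article,
              r"Software\OnTheFly\mailed"]     # relative to HKEY_CURRENT_USER

def hkcu_exists(path):
    """True if HKCU\\<path> exists as a key, or as a value under its parent.

    Windows only. The removal text calls both entries keys; checking the
    value form too is an assumption added here so neither layout is missed.
    """
    import winreg  # imported lazily so the module loads on other platforms
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path):
            return True
    except FileNotFoundError:
        pass
    parent, _, name = path.rpartition("\\")
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, parent) as key:
            winreg.QueryValueEx(key, name)
            return True
    except FileNotFoundError:
        return False

def find_leftovers(search_dirs, registry_probe=hkcu_exists):
    """Report (kind, location) pairs still present; nothing is deleted."""
    hits = []
    for folder in search_dirs:
        try:
            names = os.listdir(folder)
        except OSError:
            continue  # folder missing or unreadable
        hits += [("file", os.path.join(folder, n)) for n in names
                 if n.lower() == WORM_FILE.lower()]
    hits += [("registry", "HKEY_CURRENT_USER\\" + p)
             for p in HKCU_PATHS if registry_probe(p)]
    return hits

if __name__ == "__main__":
    windir = os.environ.get("WINDIR", r"C:\Windows")  # assumed search roots
    for kind, where in find_leftovers([windir, os.path.join(windir, "System32")]):
        print(kind, where)
```

The registry probe is injectable so the same logic can be exercised against an offline registry export or in tests on a non-Windows host.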

Outlook Express users can stop viruses like Love Bug and the Anna Kournikova worm dead in their tracks with a few simple steps:
1. Go to "Tools", then "Options".
2. Click the "Security" tab.
3. Select "Restricted Zone" and click OK.

Related Story

Anna Kournikova virus spreading like wildfire