
Anna Kournikova bug drops harmlessly onto the Net

'Potentially devastating': you cannot be serious!


Much like the tennis star herself, the Anna Kournikova worm created a lot of interest and attention when it hit the Net - but lacks anything like a powerful smash.

As we previously reported, an Internet-based email worm that masquerades as a picture of tennis star Anna Kournikova is spreading fast after being unleashed on the Internet yesterday. MessageLabs, which scans its users' email for malicious code, has intercepted 20,000 copies of the worm since yesterday.

However, VBS/SST, or the Anna Kournikova worm as it has been called, has failed to create anything like the trail of destruction caused by the similar Love Bug virus.

Security experts said part of the reason for this is that network administrators have closed the security loopholes that allowed Visual Basic scripting worms, like the Love Bug and VBS/SST, to overwhelm email servers, though many think security is as lax as ever.

Far more important in limiting the damage caused by VBS/SST is that it carries a relatively weak payload.

The worm comes in an email with the subject line "Here you have, ;o)" and an attachment called AnnaKournikova.jpg.vbs. The virus is activated by the user clicking on the attachment, after which it emails itself to everyone in a user's Microsoft Outlook address books.
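The attachment name above works because the decoy ".jpg" sits in front of the real ".vbs" extension. The following is an added example, not code from the article or from any vendor it quotes: a mail-gateway style check that flags attachments whose final extension is a script type hidden behind a harmless-looking one. It generalises beyond the single file name in the article; the extension lists, the helper names and the sample messages are constructed assumptions.

```python
import email
from email.message import EmailMessage

# Assumed, non-exhaustive lists chosen for this example.
SCRIPT_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "wsh"}
DECOY_EXTS = {"jpg", "jpeg", "gif", "png", "txt", "doc", "pdf"}


def disguised_script_attachments(raw: bytes) -> list[str]:
    """Return attachment names of the form <name>.<decoy>.<script>,
    for example AnnaKournikova.jpg.vbs."""
    msg = email.message_from_bytes(raw)
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Compare case-insensitively and ignore padding around each dot,
        # so "photo.JPG   .VBS" is treated like "photo.jpg.vbs".
        pieces = [p.strip() for p in name.lower().split(".")]
        if (len(pieces) >= 3
                and pieces[-1] in SCRIPT_EXTS
                and pieces[-2] in DECOY_EXTS):
            hits.append(name)
    return hits


def build_sample(subject: str, filename: str) -> bytes:
    """Constructed test message; the attachment body is inert text."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "recipient@example.com"
    m["Subject"] = subject
    m.set_content("See attachment.")
    m.add_attachment(b"inert placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    samples = [
        build_sample("Here you have, ;o)", "AnnaKournikova.jpg.vbs"),
        build_sample("Holiday photos", "beach.jpg"),
    ]
    for raw in samples:
        print(disguised_script_attachments(raw))
```

This check only covers the disguise; a plain ".vbs" attachment is not flagged and needs its own blocking rule.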

McAfee, a division of security firm Network Associates, reports that the virus has been found in 50 enterprise-size companies, including Fortune 500 firms. However, we could only confirm that relatively small firms like travelfusion, religious organisation New Directions and gambling site flutter.com had been affected by the bug.

Moshe Rafiah, travelfusion's chief executive, told The Register that he was the only person at the online travel etailer to be caught out by the worm, and that he was able to disinfect his machine by downloading the latest virus definitions from Symantec.

Paul Rogers, a network security analyst at MIS Corporate Defence, said a lot of users learnt lessons from the Love Bug and put restrictions on Visual Basic scripting that prevented the spread of such viruses.

"This will only catch out companies that haven't got it right," said Rogers.

Andre Post, a senior researcher at Symantec, said that the main effects of the virus have been seen in the US, where "a few companies have shut down their web servers as a precautionary measure".

The spreading routine of VBS/SST is different from that used by the Love Bug, said Post, who added the bug was created using a worm creation tool, called "[K]Alamar's Vbs Worms Creator", from a virus exchange site.

Post added that the toolkit is easy to use and requires no particular skill, and that the virus's attempt to direct a victim's web browser to a Dutch Web site, called dynabyte.nl, on January 26 mimics earlier self-replicating viruses produced using the kit. ®

Infection Removal

In order to remove the worm from a system, Russian anti-virus experts Kaspersky Labs have issued the following instructions:

1. Delete the "AnnaKournikova.jpg.vbs" file from the Windows system folder;
2. Delete the following Windows system registry keys:
   HKEY_CURRENT_USER\Software\OnTheFly
   HKEY_CURRENT_USER\Software\OnTheFly\mailed

Outlook Express users can stop viruses like Love Bug and the Anna Kournikova worm dead in their tracks with a few simple steps:
1. Go to "Tools", then "Options".
2. Click the "Security" tab.
3. Select "Restricted Zone" and click OK.

Related Story

Anna Kournikova virus spreading like wildfire
