Anna Kournikova bug drops harmlessly onto the Net

'Potentially devastating': you cannot be serious!

Much like the tennis star herself, the Anna Kournikova worm created a lot of interest and attention when it hit the Net - but lacks anything like a powerful smash.

As we previously reported, an Internet-based email worm that masquerades as a picture of tennis star Anna Kournikova is spreading fast after being unleashed on the Internet yesterday. MessageLabs, which scans its users' email for malicious code, has intercepted 20,000 copies of the worm since yesterday.

However, VBS/SST, or the Anna Kournikova worm as it has been called, has failed to create anything like the trail of destruction caused by the similar Love Bug virus.

Security experts said part of the reason for this is that network administrators have closed the security loopholes that allowed Visual Basic scripting worms, like the Love Bug and VBS/SST, to overwhelm email servers, though many think security is as lax as ever.

Far more important in limiting the damage caused by VBS/SST is that it carries a relatively weak payload.

The worm comes in an email with the subject line "Here you have, ;o)" and an attachment called AnnaKournikova.jpg.vbs. The virus is activated by the user clicking on the attachment, after which it emails itself to everyone in a user's Microsoft Outlook address books.
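The double extension described above is something a mail filter can test for directly. The following Python sketch is an added example, not code from the article or from any vendor it quotes; the extension lists, function names and sample message are assumptions made for illustration, and the sample attachment carries inert placeholder bytes.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed lists (not exhaustive): types Windows will execute, and types users read as harmless.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".scr", ".pif", ".exe", ".bat", ".cmd"}
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".txt", ".doc", ".pdf"}

def classify_attachment(filename):
    """Return 'double-extension', 'script' or 'ok' for one attachment name."""
    # Windows ignores trailing dots and spaces, so drop them before parsing.
    name = filename.strip().rstrip(". ").lower()
    suffixes = [s.strip() for s in PurePosixPath(name).suffixes]
    if not suffixes or suffixes[-1] not in SCRIPT_EXTS:
        return "ok"
    # A harmless-looking extension directly before the script one is the disguise.
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return "double-extension"
    return "script"

def scan_message(raw_bytes):
    """Parse a raw message and return [(filename, verdict)] for flagged attachments."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        verdict = classify_attachment(filename)
        if verdict != "ok":
            findings.append((filename, verdict))
    return findings

def build_sample():
    """Constructed sample: subject and attachment name from the article, inert content."""
    msg = EmailMessage()
    msg["Subject"] = "Here you have, ;o)"
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg.set_content("constructed sample body")
    msg.add_attachment(b"' inert placeholder", maintype="application",
                       subtype="octet-stream", filename="AnnaKournikova.jpg.vbs")
    msg.add_attachment(b"\xff\xd8\xff\xe0", maintype="image",
                       subtype="jpeg", filename="holiday.jpg")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

Only the `.jpg.vbs` attachment is reported; the genuine `.jpg` passes. Windows hides known file extensions by default, which is why the recipient sees only "AnnaKournikova.jpg".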

McAfee, a division of security firm Network Associates, reports that the virus has been found in 50 enterprise-size companies, including Fortune 500 firms. However, we could only confirm that relatively small firms like travelfusion, religious organisation New Directions and gambling site flutter.com had been affected by the bug.

Moshe Rafiah, travelfusion's chief executive, told The Register that he was the only person at the online travel etailer to be caught out by the worm, and that he was able to disinfect his machine by downloading the latest virus definitions from Symantec.

Paul Rogers, a network security analyst at MIS Corporate Defence, said a lot of users learnt lessons from the Love Bug and put restrictions on Visual Basic scripting that prevented the spread of such viruses.

"This will only catch out companies that haven't got it right," said Rogers.

Andre Post, a senior researcher at Symantec, said that the main effects of the virus have been seen in the US, where "a few companies have shut down their web servers as a precautionary measure".

The spreading routine of VBS/SST is different from that used by the Love Bug, said Post, who added that the bug was created using a worm creation tool, called "[K]Alamar's Vbs Worms Creator", from a virus exchange site.

Post added that the toolkit is easy to use and requires no particular skill, and that the virus's attempt to direct a victim's web browser to a Dutch Web site, called dynabyte.nl, on January 26 mimics earlier self-replicating viruses produced using the kit. ®

Infection Removal

In order to remove the worm from a system, Russian anti-virus experts Kaspersky Labs have issued the following instructions:
1. Delete the "AnnaKournikova.jpg.vbs" file from the Windows system folder;
2. Delete the following Windows system registry keys:
HKEY_CURRENT_USER\Software\OnTheFly
HKEY_CURRENT_USER\Software\OnTheFly\mailed

Outlook Express users can stop viruses like Love Bug and the Anna Kournikova worm dead in their tracks with a few simple steps:
1. Go to "Tools", then "Options".
2. Click the "Security" tab.
3. Select "Restricted Zone" and click OK.

Related Story

Anna Kournikova virus spreading like wildfire