Anna Kournikova bug drops harmlessly onto the Net

'Potentially devastating': you cannot be serious!

Much like the tennis star herself, the Anna Kournikova worm created a lot of interest and attention when it hit the Net - but lacks anything like a powerful smash.

As we previously reported, an Internet-based email worm that masquerades as a picture of tennis star Anna Kournikova is spreading fast after being unleashed on the Internet yesterday. MessageLabs, which scans its users' email for malicious code, has intercepted 20,000 copies of the worm since yesterday.

However, VBS/SST, or the Anna Kournikova worm as it has been called, has failed to create anything like the trail of destruction caused by the similar Love Bug virus.

Security experts said part of the reason for this is that network administrators have closed the security loopholes that allowed Visual Basic scripting worms, like the Love Bug and VBS/SST, to overwhelm email servers, though many think security is as lax as ever.

Far more important in limiting the damage caused by VBS/SST is that it carries a relatively weak payload.

The worm comes in an email with the subject line "Here you have, ;o)" and an attachment called AnnaKournikova.jpg.vbs. The virus is activated by the user clicking on the attachment, after which it emails itself to everyone in a user's Microsoft Outlook address books.
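The deceptive double extension described above is something a mail filter can check for. The following Python sketch is an added example, not code from the article or from any vendor it names; the extension lists and function names are illustrative assumptions, and the sample message is constructed from the subject line and attachment name quoted above.

```python
from email import message_from_string

# Extensions Windows executes or hands to a script host (illustrative, not exhaustive).
SCRIPT_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "wsh", "scr", "pif", "exe", "bat", "cmd", "com"}
# Extensions users read as harmless content: the decoy half of a double extension.
DECOY_EXTS = {"jpg", "jpeg", "gif", "png", "bmp", "txt", "doc", "pdf", "mp3"}


def classify_filename(name: str) -> str:
    """Return 'double-extension', 'script' or 'ok' for an attachment name."""
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    parts = name.strip().rstrip(". ").lower().split(".")
    if len(parts) < 2 or parts[-1] not in SCRIPT_EXTS:
        return "ok"
    # Spaces padded after the decoy ("a.jpg     .vbs") push the real extension out of view.
    if len(parts) >= 3 and parts[-2].strip() in DECOY_EXTS:
        return "double-extension"
    return "script"


def scan_message(raw: str) -> list[tuple[str, str]]:
    """Parse a raw RFC 822 message; list (filename, verdict) for risky attachments."""
    findings = []
    for part in message_from_string(raw).walk():
        filename = part.get_filename()  # also handles RFC 2231 encoded names
        if filename:
            verdict = classify_filename(filename)
            if verdict != "ok":
                findings.append((filename, verdict))
    return findings


# Constructed sample: only the subject and attachment name come from the article.
SAMPLE = """\
From: colleague@example.com
Subject: Here you have, ;o)
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="AnnaKournikova.jpg.vbs"

' constructed placeholder, not the worm's code
--b1--
"""

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```

A gateway would quarantine or strip anything reported as `double-extension` or `script` rather than rely on the recipient to notice the trailing `.vbs`, which Windows hides when known file extensions are not displayed.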

McAfee, a division of security firm Network Associates, reports that the virus has been found in 50 enterprise-size companies, including Fortune 500 firms. However, we could only confirm that relatively small firms like travelfusion, religious organisation New Directions and gambling site flutter.com had been affected by the bug.

Moshe Rafiah, travelfusion's chief executive, told The Register that he was the only person at the online travel etailer to be caught out by the worm, and that he was able to disinfect his machine by downloading the latest virus definitions from Symantec.

Paul Rogers, a network security analyst at MIS Corporate Defence, said a lot of users learnt lessons from the Love Bug and put restrictions on Visual Basic scripting that prevented the spread of such viruses.

"This will only catch out companies that haven't got it right," said Rogers.

Andre Post, a senior researcher at Symantec, said that the main effects of the virus have been seen in the US, where "a few companies have shut down their web servers as a precautionary measure".

The spreading routine of VBS/SST is different from that used by the Love Bug, said Post, who added that the bug was created using a worm creation tool called "[K]Alamar's Vbs Worms Creator", obtained from a virus exchange site.

Post added that the toolkit is easy to use and requires no particular skill, and that the virus's attempt to direct a victim's web browser to a Dutch Web site, called dynabyte.nl, on January 26 mimics earlier self-replicating viruses produced using the kit. ®

Infection Removal

In order to remove the worm from a system, Russian anti-virus experts Kaspersky Labs have issued the following instructions:
1. Delete the "AnnaKournikova.jpg.vbs" file from the Windows system folder;
2. Delete the following Windows system registry keys:
HKEY_CURRENT_USER\Software\OnTheFly
HKEY_CURRENT_USER\Software\OnTheFly\mailed

Outlook Express users can stop viruses like Love Bug and the Anna Kournikova worm dead in their tracks with a few simple steps:
1. Go to "Tools", then "Options".
2. Click the "Security" tab.
3. Select "Restricted Zone" and click OK.

Related Story

Anna Kournikova virus spreading like wildfire
