Antivirus experts have warned that the AnnaKournikova.jpg.vbs virus highlights the ease with which someone with very little technical knowledge can create malicious code capable of spreading around the world in a matter of minutes.
vnunet.com, 13 Feb 2001
Antivirus experts have warned that the AnnaKournikova.jpg.vbs virus highlights the ease with which someone with very little technical knowledge can create malicious code capable of spreading around the world in a matter of minutes.
The virus, which spread like wildfire late last night, is known as VBS/SST-A and arrives in an email with the subject line "Here you have,;0)" and includes the AnnaKournikova.jpg.vbs attachment.
But instead of displaying a picture of the tennis star, the bug uses the Visual Basic scripting language to infect Outlook and mails itself out to contacts in the infected user's address book.
Eric Chien, chief researcher at Symantec, explained that the virus was actually created with a virus writing kit, known as Vbs Worms Generator 1.50b, which is readily available on the internet.
"The kit was originally created by someone in Argentina and is relatively simple to use. The creator of AnnaKournikova hasn't even added any unique characteristics, it could have been put together by a script kiddie," he said.
But Chien added that the virus was made dangerous through social engineering. "People expected a picture of Anna Kournikova, so they opened the attachment," he said.
Other experts believe that the main problem caused by the virus at the moment is the flooding of mail servers, as the script causes the virus to email itself to everyone in the user's Outlook address book.
Sal Viveros, a spokesman for security firm Network Associates, said: "The mail storm created by this virus is bringing servers down everywhere, making it a high risk case. People have become complacent since the Love Bug virus. We had reports of around 150 enterprises being hit yesterday."
Mikko Hypponen, research manager at F-Secure, added that the virus uses encryption to disguise itself, but that this was a characteristic included in the creation kit.
One user commented in a newsgroup: "Trivial stuff, really. What's the pity, is that it works. This ... simple construction kit virus has got past the script heuristics of most [antivirus software] on the market! Has to be the case. [There's] no other way it could it move so fast through corporate sites. Pathetic."
The code also sets up a registry key named 'Onthefly' allowing a user to detect it easily.
A second payload is also set for release on 26 January when the code will open an infected host's browser and send it to the homepage of Dutch computer shop Dynabyte at www.dynabyte.nl. Chien speculated that the code could have been created by a disgruntled employee or customer of the firm.
A flaw in Microsoft's Outlook Express has left users vulnerable to malicious code embedded into vcards - virtual business cards - which are used to sign many business emails.
Smashing its way into the net at high speed, the "Anna virus" - a worm disguised as a picture of pin-up tennis star Anna Kournikova - wreaked havoc this month.In this special feature, vnunet.com brings you in-depth coverage of the biggest virus outbreak since the Love Bug, as well as expert opinion and advice.
The 20-year-old mystery Dutchman, known only as OnTheFly, arrested for the creation and distribution of the Anna virus, has been released by police after being charged with damaging private property and computer programs, according to reports today.
The author of the AnnaKournikova virus has been arrested by the Dutch authorities, only hours after posting an apology for creating the virus on the internet.
First Looks Editor Ian Williams gets hands on with the Sony Ericsson Xperia X1
Google's announcement this week that it plans to step into...
Do you agree?
Have your say on this article