Kournikova virus hits U.S., Europe

Email hackers have mass-mailed a new VBScript-based virus that purports
to be a photograph of tennis star Anna Kournikova, and security analysts
are warning that the potential damage could be as severe as the Melissa
or Love Bug viruses. The virus made its way through the United States
yesterday--I received a copy of it myself--and is now hitting Europe.
The virus is really just a renamed version of an existing virus, the
so-called SST or "On the Fly" worm--with an enticing catch: The
attachment that accompanies the email promises an alluring photo of the
attractive tennis star but actually contains a file that infects the
computer and propagates itself to every person in the user's email
address book. Security experts say that the virus isn't dangerous
because it doesn't destroy any data, but it has the potential to crash
email servers that get loaded up with bogus Kournikova messages.
You'll know you received a copy of the virus if you get an email with
the following subject line and body text:

Subject: Here you have, ;o)

Hi: Check this!

and an attachment named AnnaKournikova.jpg.vbs. If you execute the
attachment, you're infected. You can remove the attachment by searching
the registry for the H KCUsoftwareOnTheFly entry that the virus added.
Simply delete it.
This virus seems to affect only Outlook users, but anyone who uses
the Outlook Security Patch (as I do) is automatically protected. To
protect yourself otherwise, you can take a number of steps, most of
which have the side effect of disabling otherwise-desirable functions.
You can turn off Windows Script Host (WSH) by deleting the VBS script
file entry in the File Types tab of the Folder Options dialog box. Or
you could simply not open attachments, which probably isn't an option
for most people. Antivirus software is a mixed bag, of course, but in
this day of pervasive Internet connections, it's probably a good idea to
remain protected at all times. And, of course, you could also subscribe
to Mark Edward's excellent Security UPDATE newsletter.


Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.