FYI:
Currently listed as high risk.
This script was created by a worm generating tool. As such, the particulars
of its actions may vary. The most common variant functions as follows.
When run, the script copies itself to the WINDOWS directory as
"AnnaKournikova.jpg.vbs". It attempts to mail a separate email message,
using MAPI messaging, to all recipients in the Windows Address Book using
the following information:
Subject: Here you have, ;o)
Body:
Hi:
Check This!
Attachment: AnnaKournikova.jpg.vbs
It also creates a registry key and key values. The script refers to these
values to check if the mailing routine has already taken place:
HKEY_USERS\.DEFAULT\Software\OnTheFly
HKEY_USERS\.DEFAULT\Software\OnTheFly\mailed=(1 for yes)
On January 26th, the script attempts to connect to the web site
http://www.dynabyte.nl

Indications Of Infection
- Presence of the file "c:\WINDOWS\AnnaKournikova.jpg.vbs"
- Presence of the registry key: HKEY_USERS\.DEFAULT\Software\OnTheFly
- Users complaining that you've sent them a virus.

Method Of Infection
This script arrives as an email attachment. Opening this attachment
infects your machine. Once infected, the script attempts to mail itself to
all recipients found in the Windows Address Book.

Removal Instructions
Use specified engine and DAT files for detection and removal. Delete any
file which contains this detection.

Virus Information
Discovery Date: 8/14/00
Origin: Virus Construction Kit, Intentional
Length: Varies
Type: Virus
SubType: VbScript
Risk Assessment: High

Aliases
Anna Kournikova, AnnaKournikova, VBS/Anna, VBS/SST, VBS/SST-A (Sophos),
VBS/SST.A (Panda), VBS/VBSWG.J (F-Prot), VBS_Kalamar.a (Trend)

-----Original Message-----
From: Gerard J Keating <gerard.keating at fintrax.com>
Cc: ilug at linux.ie <ilug at linux.ie>
Date: 13 February 2001 12:12
Subject: [ILUG] Kournikova virus
>I assume people have seen the last virus warning, the Kournikova virus is a vbs
>script file disguised as a jpg of the bold ms Kournikova.
>
>--
>Gerard Keating Tully
>Fintrax Teo Ballinahown
>Tel: +353 91 558205 Galway
>Fax: +353 91 558222 Rep. of Ireland
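
The disguise discussed in this thread (a .vbs script named to look like a .jpg) can be caught at a mail gateway by inspecting attachment filenames. The following is an added example, not part of the original messages or the advisory; the extension lists, the function names and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed lists: extensions Windows will execute on double-click, and
# extensions a recipient reads as harmless content.
SCRIPT_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "wsh", "shs",
               "scr", "pif", "bat", "cmd", "exe", "com"}
DECOY_EXTS = {"jpg", "jpeg", "gif", "png", "bmp", "txt", "doc",
              "pdf", "mp3", "avi", "mpg"}


def disguised_attachments(raw_message):
    """Return attachment names whose last extension is executable while
    the one before it looks like a harmless document type."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces, and padding before the
        # real extension is a common way to push it out of view.
        pieces = [p.strip() for p in name.strip().rstrip(". ").lower().split(".")]
        if (len(pieces) >= 3 and pieces[-1] in SCRIPT_EXTS
                and pieces[-2] in DECOY_EXTS):
            hits.append(name)
    return hits


def build_sample(filename, subject="Here you have, ;o)"):
    """Build a constructed test message; the attachment body is a placeholder."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "rcpt@example.com"
    m["Subject"] = subject
    m.set_content("Hi:\nCheck This!")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for fn in ("AnnaKournikova.jpg.vbs", "holiday.jpg", "report.v2.pdf"):
        print(fn, "->", disguised_attachments(build_sample(fn)))
```

The check keys on the filename pattern only, so it complements signature-based scanning rather than replacing it; a plain `.vbs` attachment with no decoy extension is left to a separate block-list rule.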