Skip to main content /TECH with /TECH

New e-mail virus preys on Anna Kournikova fans

Anna Kournikova
Anna Kournikova at the recent Australian Open  

In this story:

Spreading at an 'alarming' rate

Ranked high, but could die out soon


(CNN) -- Several anti-virus companies began warning Internet users Monday of a rapidly spreading new e-mail virus that taps into people's desire to see pictures of tennis phenomenon Anna Kournikova.

McAfee's anti-virus team gave the destructive virus a ranking of "high" Monday afternoon after it had been found in more than 50 enterprise companies, including Fortune 500 firms.

Because of the big number of e-mails being generated by the virus, it can overload and crash e-mail servers. It has been found throughout Europe and North America and is expected to surface in Asia as well.

Internet users are advised to immediately delete any suspicious e-mails.

Anti-virus researchers at Computer Associates International, Inc. ranked this virus or worm as a medium risk, and some computer security experts are even warning that it could be bigger than last year's "Love Bug" epidemic.


The worm arrives as an e-mail with the subject: "Here you have, :o)"

The body of the message then contains the following brief message: "Hi: Check This!"

But it is the attachment called "AnnaKournikova.jpg.vbs" that lures most users to continue. The attachment's second extension may also be hidden, deceiving users into believing they have received a JPEG photo of the famous young Russian.

Upon execution, the worm copies itself to the Windows directory, and then sends the file as an attachment to every address listed in an infected user's Microsoft Outlook address book.

Additionally, it will attempt to launch a browser directed to a particular Web site on January 26 of every year.

Spreading at an 'alarming' rate


F-Secure Corp., another security solutions firm, is alerting computer users worldwide about this new, rapidly spreading e-mail virus that is also known as "Onthefly."

This new virus uses encryption to hide itself, said F-Secure officials, and was named Onthefly because it sets a registry key with that name. It is also known by the name "SST."

"Early propagation reports indicate that this virus is spreading faster than many of the biggest viruses we saw last year", comments F-Secure's Mikko Hypponen. "It seems to be spreading almost as fast as LoveLetter."

LoveLetter or the "ILOVEYOU" bug is regarded as the biggest ever virus case with an estimated 15 million infected computers.

"E-mail-based threats continue to spread at alarming rates as illustrated by the number of reports (Computer Associates') anti-virus research centers have received on SST in a short period," said Ian Hameroff, business manager of anti-virus solutions at Computer Associates.

MessageLabs Inc. reported seeing this virus in low numbers at the moment, however they say it is consistent with the early stages of other fast-spreading viruses such as the Love Bug.

Ranked high, but could die out soon

Vincent Weafer, director of Symantec's antivirus center, said the virus should start dying out quickly since information technology workers can better filter these types of scripts after the Love Bug attack.

However, he added, variants of the Kournikova virus have shown up in several cases. Some could continue coming in under the radar, Weafer said.

"Right now, it will have a greater number of infections than 'Melissa' but probably not as many as the Love Bug," said Weafer.

Symantec has rated the Kournikova virus threat as high or four on a scale of five, Weafer noted.

David Perry, global director of education at Trend Micro Inc.'s antivirus center, called the new virus a weak attempt by someone using relatively common techniques.

"This is your quintessential script kiddie virus," said Perry, whose company also gave it a high rating. "It's in enormous circulation, but I don't believe it will surpass the Love Bug."

The virus likely spread so fast because it tapped into peoples' "social engineering," offering pictures of a popular female icon, Perry said. Time also has passed since a major virus outbreak, meaning that users' guards were down, said Perry.

Perry said the virus' coding indicates it may have originated in the Netherlands, since it steers people to an Amsterdam computer store's Web site.

McAfee antivirus update gives NT 4.0 the flu
December 21, 2000
Office 2000 gets its own virus protection
December 4, 2000
MTX virus gaining speed in unusual ways
December 1, 2000
Experts predict more mutating viruses
October 31, 2000
Variant of 'I Love You' virus returns
October 24, 2000

Computer Associates International
Trend Micro
Message Labs

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.


4:30pm ET, 4/16

Back to the top