Author: Terry McCracken
Date: 17:11:24 02/12/01
Go up one level in this thread
On February 12, 2001 at 17:35:42, Frederic Friedel wrote: >URGENT VIRUS ALERT -- not a hoax, believe me!! > >There is a new, potentially very wide-spread virus on the rampage. A colleague >in England has already been hit, and you will hear all about it tomorrow in the >news. Here’s a quick description to help you avoid infection: > >* The virus or worm arrives as an e-mail with the subject: "Here you have, :o)" > >* The body of the message then contains the following brief message: "Hi: Check >This!" > >* The virus itself is in an attachment called "AnnaKournikova.jpg.vbs". This >lures people into opening or double-clicking to see the picture. This is >especially the case if the attachment's second extension is hidden, which is >often the default setting (it then appears as AnnaKournikova.jpg). People think >it is a JPEG picture of the young Russian tennis star. > >* Upon execution of the Visual Basic Script, which is what the file actually >contains, the worm copies itself to the Windows directory, and then sends the >file as an attachment to every address listed in an infected user's Microsoft >Outlook address book. > >* Additionally, it will attempt to launch a browser directed to a particular Web >site on January 26 of every year. > >Other effects may be present but I do not yet know about them. > >So watch out, don’t open any Kournikova attachments, don’t open any VBS >attachments (ever, anyway), keep checking the news for the latest on the >development of the infection. It could be as big as the I-Love-You virus, which >caused literally billions of dollars in damages. Here's The " Scoop " from MSN THE “ANNA KOURNIKOVA” VIRUS — which is spreading as fast as the “Love Bug” virus last year — tempts potential victims by posing as a picture of Kournikova, an Internet heartthrob. It arrives with the Subject line: “Here you have, ;o)”. The message body reads “Hi: Check this!” and it arrives with an attachment named “AnnaKournikova.jpg.vbs.” Vincent Weafer, spokesperson for Symantec, said it appears the virus writer is already unleashing variants of the bug with slight variations on subject line and attachment name, so users must exercise extra caution. The bug is a so-called “mass-mailer.” Like the Melissa virus, it sends copies of itself to e-mail addresses in the victim’s address book. It only impacts users of Microsoft’s Outlook e-mail products. “This one will be big,” said Alex Shipp, an engineer at MessageLabs Inc. Within a couple of hours, Shipp’s company had detected nearly 8,000 copies of it, and detection rates are growing. “Compared with the Love Bug, it took twice as many hours for Love Bug to reach that level.” How to stop the virus Key steps for preventing the latest virus Top of Form 1 Bottom of Form 1 If you haven't already installed it, download the Outlook 98 Security Patch <http://hotfiles.zdnet.com/cgi-bin/texis/swlib/hotfiles/info.html?fcode=0018YB&b=help> or the Outlook 2000 Security Patch <http://hotfiles.zdnet.com/cgi-bin/texis/swlib/hotfiles/info.html?fcode=0018YA&b=help> (which requires the Office 2000 Service Release 1a). Please note that this patch does not include Outlook Express. Recent virus outbreaks have exploited known vulnerabilities in Visual Basic Scripting under Windows. To limit your risk of infection, you should turn off Windows Scripting Host. One of the best ways to prevent virus infections is not to open attachments, especially when viruses such as [Fireburn] are being actively circulated. Even if the e-mail is from a known source, be careful. A few viruses take the mailing lists from an infected computer and send out new messages with its destructive payload attached. Always scan the attached files first for viruses. Unless it's a file or an image you are expecting, delete it. If you don't already have virus protection software on your machine, you should. If you're on a network, check with your network administrator first. If you're just loading anti-virus software for the first time, it's a good idea to let it scan your entire system. It's better to start with your PC clean and free of virus problems. Often the anti-virus program can be set to scan each time the computer is rebooted or on a periodic schedule. Some will scan in the background while you are connected to the Internet. Make it a regular habit to scan for viruses. Now that you have virus protection software installed, make sure it's up-to-date. Some anti-virus protection programs have a feature that will automatically link to the Internet and add new virus detection code whenever the software vendor discovers a new threat. Source: ZDNet Printable version <javascript:OpenBrillWindow(> BEHIND THE BUG Antivirus firms are using a variety of different names for the virus: Anna Kournikova, Onthefly, VBS/Anna, VBS/SST, and VBS_Kalamar among them. The virus is a so-called "mass-mailer." Like the Melissa virus, it sends copies of itself to e-mail addresses in the victim’s address book. Within the computer code, the virus writer calls the bug “Onthefly,” and indicates that’s his or her name as well. The first line of the program reads: “‘Vbs.OnTheFly Created By OnTheFly.” But the last line indicates it was created using a simple virus-making tool called “Vbs Worms Generator version 1.50b” — that tool was written by an Argentinean hacker named “Kalamar,” so some antivirus companies are using that name for the bug. Have you received a copy of the 'Kournikova' computer virus? * 15790 responses Yes 54% No 46% Survey results tallied every 60 seconds. Live Votes reflect respondents' views </news/197170.asp> and are not scientifically valid surveys. Shipp said most infections so far are in the United States or the U.K., but he expected the spread of the virus to “follow the sun,” as day breaks around the globe. Susan Orbuch, communications director for Trend Micro, said about 10 of that firm’s 250 corporate clients had been infected and forced to shut down their e-mail servers — including two banks, a pharmaceutical company and a telecommunications company. Many other clients are successfully repelling the bug, she said — one government agency has trapped 1,000 copies of the virus within an hour. Many other clients are receiving about 100 copies an hour, she said. CNBC’s Tom Costello reported that officials at the Nasdaq stock market had received the virus. It was not immediately clear if it had infected computers at the financial market. Vincent Gullatto, spokesperson for Network Associates Inc. and its antivirus arm McAfee, said his company had also received about 100 reports from clients that have received the virus, but he wasn’t ready to proclaim it a massive outbreak yet. “We’ve had detection for it since August,” Gullatto said. “People who have updated their antivirus software will be protected.” He added that many anitivirus users don’t keep their software updated, and they would be at risk. Shipp confirmed that McAfee’s product protected users against the virus, but said the bug was able to evade most other antivirus products. Security firm F-Secure Inc. also gave early indications that the bug was spreading rapidly, saying it had received reports of 3,000 infected computers “I think it’s going to get worse before it gets better,” said spokesperson Mikko Hypponen. “It’s spreading faster than any sample we’ve received this year. It’s spreading almost as fast as LoveLetter.” The virus itself is relatively benign; its payload executes only once a year, on Jan. 26, when it redirects victims’ Internet browsers to a Web page in the Netherlands. But because it makes so many copies of itself, it can shut down corporate e-mail servers. “It may not be as bad as ILoveYou, but it will be of that order, the way it spread around the globe, ” Weafer said. Complicating matters for antivirus firms and PC users are the existence of two other new viruses found Monday. Both bugs — “VBS/Valentin@MM” and “VBS/San@M,” are targeted at Valentine’s Day, and both use a new alarming technique that infects victims as soon as they preview a message — double-clicking on an attachment is not necessary. Neither is believe to be spreading rapidly, however.
This page took 0 seconds to execute
Last modified: Thu, 15 Apr 21 08:11:13 -0700
Current Computer Chess Club Forums at Talkchess. This site by Sean Mintz.