Anna Kournikova (computer virus)


Anna Kournikova
Type: Computer virus
Origin: Sneek, Netherlands
Authors: Jan de Wit
Technical details
Written in: VBScript

Anna Kournikova (named Vbs.OnTheFly by its author, and also known as VBS/SST and VBS_Kalamar) [1] was a computer virus that spread worldwide on the Internet in February 2001. The virus program was contained in an email attachment, purportedly an image of tennis player Anna Kournikova.


Background

The virus was created by 20-year-old Dutch student Jan de Wit, who used the pseudonym "OnTheFly", on 11 February 2001. [2] It was designed to trick email users into opening an email attachment, ostensibly an image of Russian tennis player Anna Kournikova but instead hiding a malicious program. The virus arrived in an email with the subject line "Here you have, ;0)" and an attached file entitled AnnaKournikova.jpg.vbs. [3] When opened in Microsoft Outlook, the file did not display a picture of Kournikova, but launched a viral VBScript program that forwarded itself to all contacts in the victim's address book. [2]
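The attachment name described above ends in .vbs behind a decoy .jpg, which is a pattern a mail filter can check for. The following Python sketch is an added example, not code from the original article or from any product: the extension lists, the function names `classify_filename` and `scan_message`, and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy

# Extensions Windows runs on double-click (illustrative subset, an assumption).
EXECUTABLE_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "wsh", "hta",
                   "scr", "pif", "exe", "bat", "cmd", "com", "lnk"}
# Extensions a reader takes for harmless content, used as the decoy.
DECOY_EXTS = {"jpg", "jpeg", "gif", "png", "bmp", "txt", "doc", "pdf"}


def classify_filename(name):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Windows drops trailing dots and spaces, so "x.jpg.vbs. " still runs as .vbs.
    cleaned = name.strip().rstrip(". ").lower()
    # Strip each component so space padding ("x.jpg   .vbs") cannot hide the decoy.
    parts = [p.strip() for p in cleaned.split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"


def scan_message(raw_bytes):
    """Return [(filename, verdict)] for every flagged attachment in a message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()  # also decodes RFC 2231 encoded names
        verdict = classify_filename(filename) if filename else "ok"
        if verdict != "ok":
            findings.append((filename, verdict))
    return findings


# Constructed sample using the subject and attachment name quoted above;
# the part bodies are inert placeholders, not the worm's script.
SAMPLE = b"\r\n".join([
    b"Subject: Here you have, ;0)",
    b'Content-Type: multipart/mixed; boundary="b1"',
    b"",
    b"--b1",
    b'Content-Disposition: attachment; filename="AnnaKournikova.jpg.vbs"',
    b"", b"placeholder",
    b"--b1",
    b'Content-Disposition: attachment; filename="holiday.jpg"',
    b"", b"placeholder",
    b"--b1--",
])
```

Calling `scan_message(SAMPLE)` flags only the first attachment; a gateway would typically quarantine both verdicts and reserve `double-extension` for higher-severity alerting.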

De Wit created Anna Kournikova in a matter of hours using a simple online Visual Basic Worm Generator program written by an Argentinian programmer called [K]Alamar. [4] "The young man had downloaded a program on Sunday, February 11, from the Internet and later the same day, around 3:00 p.m., set the virus loose in a newsgroup." [5] The Anna Kournikova virus did not corrupt data on the infected computer, unlike the similar ILOVEYOU virus that struck a year earlier in 2000, [4] yet infected the computers of millions of users and caused problems in email servers worldwide. [2]

Conviction

David L. Smith (the author of the 1999 Melissa virus, who was in FBI custody at that time) assisted the FBI in tracking down De Wit's identity. [6] De Wit turned himself in to the police in his hometown of Sneek on 14 February 2001, [7] after he posted a confession to a website and a newsgroup devoted to the tennis player (alt.binaries.anna-kournikova), dated 13 February. He admitted to creating the virus using a toolkit, and said that his motivation was to see whether the IT community had developed better system security in the aftermath of previous virus infections. He also attributed the virus's rate of spread to Kournikova's beauty, and blamed those who opened the email, writing: "it's their own fault they got infected." [4]

A few days after the virus release, the mayor of Sneek, Sieboldt Hartkamp, made a tentative job offer to De Wit in the local administration's IT department, saying that the city should be proud to have produced such a talented young man. [8]

De Wit was tried in Leeuwarden and was charged with spreading data into a computer network with the intention of causing damage, a crime that carried a maximum sentence of four years in prison and a fine of 100,000 guilders (then equivalent to US$41,300). [9] His lawyers called for the dismissal of the charges against him, arguing that the virus caused minimal damage. The FBI submitted evidence to the Dutch court, suggesting that US$166,000 in damages had been caused by the virus. De Wit denied any intent to cause damage and was sentenced to 150 hours of community service. [9]

The 18-year-old Buenos Aires programmer who created the Worm Generator toolkit removed the application's files from his website later in February 2001. In an interview, he said that his friends had encouraged him to do so after hearing his pseudonym on television. [10]

References

  1. Alijo, Hernan. "Purported 'Anna' virus toolkit author yanks files from site". ZDNet. Archived from the original on 9 August 2020. Retrieved 24 October 2020.
  2. Cluley, Graham (11 February 2011). "Memories of the Anna Kournikova worm". Naked Security - Sophos. Archived from the original on 10 February 2018. Retrieved 9 February 2018.
  3. "Kournikova computer worm hits hard". BBC News. 13 February 2001. Archived from the original on 13 May 2016. Retrieved 23 May 2009.
  4. "Confession by author of Anna Kournikova worm". Out-law news. 14 February 2001. Archived from the original on 3 March 2016. Retrieved 23 May 2009.
  5. Lemos, Robert (14 February 2001). "FBI probes worm outbreak after "Anna" arrest". CNET news. Archived from the original on 24 October 2012. Retrieved 23 May 2009.
  6. "Court documents reveal that Melissa's author helped authorities catch other virus writers". Sophos (Press release). 18 September 2003. Archived from the original on 12 October 2016. Retrieved 10 May 2009.
  7. Evers, Joris (13 September 2001). "Maker of Kournikova worm stands trial". NetworkWorld. IDG News Service. Archived from the original on 15 June 2011. Retrieved 10 May 2009.
  8. "Kournikova worm author should not be rewarded". Sophos (Press release). 19 February 2001. Archived from the original on 26 April 2009. Retrieved 10 May 2009.
  9. Blincoe, Robert (27 September 2001). "Kournikova virus kiddie gets 150 hours community service". The Register. Archived from the original on 6 April 2009. Retrieved 10 May 2009.
  10. Alijo, Hernan (16 February 2001). "Purported 'Anna' virus toolkit author yanks files from site". ZDNet. Archived from the original on 9 August 2020. Retrieved 9 February 2018.