Anna Kournikova (computer virus)

Anna Kournikova
Type: Computer virus
Point of origin: Sneek, Netherlands
Author(s): Jan de Wit
Written in: VBScript

Anna Kournikova (named Vbs.OnTheFly by its author, and also known as VBS/SST and VBS_Kalamar) [1] was a computer virus that spread worldwide on the Internet in February 2001. The virus program was contained in an email attachment, purportedly an image of tennis player Anna Kournikova.

Background

The virus was created by 20-year-old Dutch student Jan de Wit, who used the pseudonym "OnTheFly", on 11 February 2001. [2] It was designed to trick email users into clicking to open an email attachment, ostensibly an image of the professional tennis player Anna Kournikova but instead hiding a malicious program. The virus arrived in an email with the subject line "Here you have, ;0)" and an attached file entitled AnnaKournikova.jpg.vbs. [3] When opened in Microsoft Outlook, the file did not display a picture of Kournikova, but launched a viral VBScript program that forwarded itself to all contacts in the victim's address book. [2]
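The attachment name described above, a harmless-looking extension followed by a script extension, can be caught at the mail gateway. The following is an added example, not code from the original article: the extension lists, function names and the sample message are constructed for illustration, and the sample attachment bodies are inert placeholders.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed, non-exhaustive lists chosen for this example.
EXECUTABLE_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "wsh", "exe", "scr", "pif", "bat", "cmd", "com"}
DECOY_EXTS = {"jpg", "jpeg", "gif", "png", "bmp", "txt", "doc", "pdf"}

def is_disguised(filename):
    """True when a harmless-looking extension is followed by an executable one."""
    # Windows drops trailing dots/spaces when saving, so ignore them; also strip
    # whitespace padding used to push the real extension out of view.
    parts = [p.strip() for p in filename.rstrip(". ").lower().split(".")]
    return len(parts) >= 3 and parts[-1] in EXECUTABLE_EXTS and parts[-2] in DECOY_EXTS

def flag_attachments(raw_message):
    """Return attachment filenames in a raw message that use the double-extension trick."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()  # None for parts without a filename
        if name and is_disguised(name):
            hits.append(name)
    return hits

def build_sample():
    """Constructed message: subject and attachment name as given in the article."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "Here you have, ;0)"
    msg.set_content("constructed body text")
    msg.add_attachment(b"placeholder", maintype="image", subtype="jpeg",
                       filename="holiday.jpg")
    msg.add_attachment(b"' inert placeholder\r\n", maintype="application",
                       subtype="octet-stream", filename="AnnaKournikova.jpg.vbs")
    msg.add_attachment(b"placeholder", maintype="application", subtype="pdf",
                       filename="report.v2.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    print(flag_attachments(build_sample()))
```

A plain `notes.vbs` is not flagged by this check, because it is not disguised; blocking script attachments outright is a separate policy decision.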

De Wit created Anna Kournikova in a matter of hours using a simple online Visual Basic Worm Generator program written by an Argentinian programmer called [K]Alamar. [4] "The young man had downloaded a program on Sunday, February 11, from the Internet and later the same day, around 3:00 p.m., set the virus loose in a newsgroup." [5] The Anna Kournikova virus did not corrupt data on the infected computer, unlike the similar ILOVEYOU virus that struck a year earlier in 2000, [4] yet infected the computers of millions of users and caused problems in email servers worldwide. [2]

Conviction

David L. Smith (the author of the 1999 Melissa virus, who was in FBI custody at that time) assisted the FBI in tracking down De Wit's identity. [6] De Wit turned himself in to the police in his hometown Sneek on 14 February 2001, [7] after he posted a confession to a website and a newsgroup devoted to the tennis player (alt.binaries.anna-kournikova), dated 13 February. He admitted to the creation of the virus using a toolkit, and said that his motivations were to see whether the IT community had developed better system security in the aftermath of previous virus infections. He also attributed the virus's rate of spread to Kournikova's beauty, and blamed those who opened the email, writing: "it's their own fault they got infected." [4]

A few days after the virus release, the mayor of Sneek, Sieboldt Hartkamp, made a tentative job offer to De Wit in the local administration's IT department, saying that the city should be proud to have produced such a talented young man. [8]

De Wit was tried in Leeuwarden and was charged with spreading data into a computer network with the intention of causing damage, a crime that carried a maximum sentence of four years in prison and a fine of 100,000 guilders (then equivalent to US$41,300). [9] His lawyers called for the dismissal of the charges against him, arguing that the virus caused minimal damage. The FBI submitted evidence to the Dutch court, suggesting that US$166,000 in damages had been caused by the virus. Denying any intent to cause damage, De Wit was sentenced to 150 hours of community service. [9]

The 18-year-old Buenos Aires programmer who created the Worm Generator toolkit removed the application's files from his website later in February 2001. In an interview, he said that his friends had encouraged him to do so after hearing his pseudonym on television. [10]

Related Research Articles

Computer worm: Self-replicating malware program

A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. It often uses a computer network to spread itself, relying on security failures on the target computer to access it. It will use this machine as a host to scan and infect other computers. When these new worm-invaded computers are controlled, the worm will continue to scan and infect other computers using these computers as hosts, and this behaviour will continue. Computer worms use recursive methods to copy themselves without host programs and distribute themselves based on exploiting the advantages of exponential growth, thus controlling and infecting more and more computers in a short time. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.

The Goodtimes virus, also styled as Good Times virus, was a computer virus hoax that spread during the early years of the Internet's popularity. Warnings about a computer virus named "Good Times" began being passed around among Internet users in 1994. The Goodtimes virus was supposedly transmitted via an email bearing the subject header "Good Times" or "Goodtimes", hence the virus's name, and the warning recommended deleting any such email unread. The virus described in the warnings did not exist, but the warnings themselves were, in effect, virus-like. In 1997 the Cult of the Dead Cow hacker collective announced that they had been responsible for the perpetration of the "Good Times" virus hoax as an exercise to "prove the gullibility of self-proclaimed 'experts' on the Internet".

Timeline of computer viruses and worms: Computer malware timeline

This timeline of computer viruses and worms presents a chronological timeline of noteworthy computer viruses, computer worms, Trojan horses, similar malware, related research and events.

The Melissa virus is a mass-mailing macro virus released on or around March 26, 1999. It targets Microsoft Word and Outlook-based systems and created considerable network traffic. The virus infects computers via email; the email is titled "Important Message From," followed by the current username. Upon clicking the message, the body reads, "Here's that document you asked for. Don't show anyone else ;)." Attached is a Word document titled "list.doc," containing a list of pornographic sites and accompanying logins for each. It then mass-mails itself to the first fifty people in the user's contact list and disables multiple safeguard features on Microsoft Word and Microsoft Outlook.

Antivirus software: Computer software to defend against malicious computer viruses

Antivirus software, also known as anti-malware, is a computer program used to prevent, detect, and remove malware.

Linux malware includes viruses, Trojans, worms and other types of malware that affect the Linux family of operating systems. Linux, Unix and other Unix-like computer operating systems are generally regarded as very well-protected against, but not immune to, computer viruses.

Mydoom: Self-replicating malware program that spread by email

Mydoom was a computer worm that targeted computers running Microsoft Windows. It was first sighted on January 26, 2004. It became the fastest-spreading e-mail worm ever, exceeding previous records set by the Sobig worm and ILOVEYOU, a record which as of 2024 has yet to be surpassed.

ILOVEYOU, sometimes referred to as the Love Bug or Loveletter, was a computer worm that infected over ten million Windows personal computers on and after May 5, 2000. It started spreading as an email message with the subject line "ILOVEYOU" and the attachment "LOVE-LETTER-FOR-YOU.TXT.vbs." At the time, Windows computers often hid the latter file extension by default because it is an extension for a file type that Windows knows, leading unwitting users to think it was a normal text file. Opening the attachment activates the Visual Basic script. First, the worm inflicts damage on the local machine, overwriting random files; then it copies itself to all addresses in the Windows Address Book used by Microsoft Outlook, allowing it to spread much faster than any other previous email worm.

Computer fraud is the use of computers, the Internet, Internet devices, and Internet services to defraud people or organizations of resources. In the United States, computer fraud is specifically proscribed by the Computer Fraud and Abuse Act (CFAA), which criminalizes computer-related acts under federal jurisdiction and directly combats the insufficiencies of existing laws. Types of computer fraud include:

Zotob is a computer worm which exploits security vulnerabilities in Microsoft operating systems like Windows 2000, including the MS05-039 plug-and-play vulnerability. This worm has been known to spread on Microsoft-ds or TCP port 445.

The Nimda virus is a malicious file-infecting computer worm. It quickly spread, surpassing the economic damage caused by previous outbreaks such as Code Red.

CTX is a computer virus created in Spain in 1999. CTX was initially discovered as part of the Cholera worm, which the author intentionally infected with CTX. Although the Cholera worm had the capability to send itself via email, the CTX worm quickly surpassed it in prevalence. Cholera is now considered obsolete, while CTX remains in the field, albeit with only rare discoveries.

RavMonE, also known as RJump, is a Trojan that opens a backdoor on computers running Microsoft Windows. Once a computer is infected, the virus allows unauthorized users to gain access to the computer's contents. This poses a security risk for the infected machine's user, as the attacker can steal personal information, and use the computer as an access point into an internal network.

Storm Worm: Backdoor Trojan horse found in Windows

The Storm Worm is a phishing backdoor Trojan horse that affects computers using Microsoft operating systems, discovered on January 17, 2007. The worm is also known as:

Mylife (computer worm): Computer worm

MyLife, discovered by MessageLabs in 2002, is a computer worm that spreads itself by sending email to the addresses found in Microsoft Outlook's contacts list. Written in Visual Basic, it displays an image of a girl holding a flower while it attempts to delete files with certain filename extensions. It is named for a phrase appearing in the subject lines of the emails it sends. A variant, MyLife.B, also called the Bill Clinton worm, instead uses a subject line "bill caricature" and displays a cartoon image of Bill Clinton playing a saxophone. Many additional variants have been reported. When the infected file is run and the picture is closed, the worm runs its payload. MyLife checks the current time. If the minute value is 45 or higher, the worm searches the C:\ directory and deletes .SYS and .COM files, then does the same on D:\ drives.

Happy99: Windows computer worm and early e-mail virus

Happy99 is a computer worm for Microsoft Windows. It first appeared in mid-January 1999, spreading through email and usenet. The worm installs itself and runs in the background of a victim's machine, without their knowledge. It is generally considered the first virus to propagate by email, and has served as a template for the creation of other self-propagating viruses. Happy99 has spread on multiple continents, including North America, Europe, and Asia.

Daprosy worm was a malicious computer program that spreads via local area network (LAN) connections, spammed e-mails and USB mass storage devices. Infection comes from a single read1st.exe file where several dozen clones are created at once bearing the names of compromised folders. The most obvious symptom of Daprosy infection is the presence of Classified.exe or Do not open - secrets!.exe files from infected folders.

The Pikachu virus, sometimes referred to as Pokey or the Pokémon virus, was a computer worm believed to be the first malware geared at children due to its incorporation of Pikachu from the Pokémon series. It was released on June 28, 2000, and arrived in the form of an email titled "Pikachu Pokemon" [sic] with the body of the e-mail containing the text "Pikachu is your friend." Opening the attached executable shows users an image of Pikachu, along with a message stating: "Between millions of people around the world I found you. Don’t forget to remember this day every time MY FRIEND!" The worm itself appeared in the attachment to the email as a file named "PikachuPokemon.exe".

Zeus is a Trojan horse malware package that runs on versions of Microsoft Windows. It is often used to steal banking information by man-in-the-browser keystroke logging and form grabbing. Zeus is spread mainly through drive-by downloads and phishing schemes. First identified in July 2007 when it was used to steal information from the United States Department of Transportation, it became more widespread in March 2009. In June 2009 security company Prevx discovered that Zeus had compromised over 74,000 FTP accounts on websites of such companies as the Bank of America, NASA, Monster.com, ABC, Oracle, Play.com, Cisco, Amazon, and BusinessWeek. Similarly to Koobface, Zeus has also been used to trick victims of technical support scams into giving the scam artists money through pop-up messages that claim the user has a virus, when in reality they might have no viruses at all. The scammers may use programs such as Command prompt or Event viewer to make the user believe that their computer is infected.

References

  1. Alijo, Hernan. "Purported 'Anna' virus toolkit author yanks files from site". ZDNet. Archived from the original on 9 August 2020. Retrieved 24 October 2020.
  2. Cluley, Graham (11 February 2011). "Memories of the Anna Kournikova worm". Naked Security - Sophos. Archived from the original on 10 February 2018. Retrieved 9 February 2018.
  3. "Kournikova computer worm hits hard". BBC News. 13 February 2001. Archived from the original on 13 May 2016. Retrieved 23 May 2009.
  4. "Confession by author of Anna Kournikova worm". Out-law news. 14 February 2001. Archived from the original on 3 March 2016. Retrieved 23 May 2009.
  5. Robert Lemos (14 February 2001). "FBI probes worm outbreak after 'Anna' arrest". CNET news. Archived from the original on 24 October 2012. Retrieved 23 May 2009.
  6. "Court documents reveal that Melissa's author helped authorities catch other virus writers". Sophos (Press release). 18 September 2003. Archived from the original on 12 October 2016. Retrieved 10 May 2009.
  7. Evers, Joris (13 September 2001). "Maker of Kournikova worm stands trial". NetworkWorld. IDG News Service. Archived from the original on 15 June 2011. Retrieved 10 May 2009.
  8. "Kournikova worm author should not be rewarded". Sophos (Press release). 19 February 2001. Archived from the original on 26 April 2009. Retrieved 10 May 2009.
  9. Blincoe, Robert (27 September 2001). "Kournikova virus kiddie gets 150 hours community service". The Register. Archived from the original on 6 April 2009. Retrieved 10 May 2009.
  10. Alijo, Hernan (16 February 2001). "Purported 'Anna' virus toolkit author yanks files from site". ZDNet. Archived from the original on 9 August 2020. Retrieved 9 February 2018.