Anna Kournikova (computer virus)

Last updated
Anna Kournikova
Type Email vbs attachment
Point of origin Netherlands
Author(s) Jan de Wit
Written in VBScript

Anna Kournikova (named by its author as "Vbs.OnTheFly Created By OnTheFly") was a computer worm written by a 20-year-old Dutch student named Jan de Wit --who called himself 'OnTheFly'-- on February 11, 2001. It was designed to trick email users into opening a mail message purportedly containing a picture of the tennis player Anna Kournikova, while actually hiding a malicious program. The worm arrives in an email with the subject line "Here you have, ;0)" and an attached file called AnnaKournikova.jpg.vbs. [1] When launched under Microsoft Windows the file does not display a picture of Anna Kournikova but launches a viral Visual Basic Script that forwards itself to everybody in the Microsoft Outlook address book of the victim.

Computer worm standalone malware computer program that replicates itself in order to spread to other computers

A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.

Dutch people or the Dutch are a Germanic ethnic group native to the Netherlands. They share a common culture and speak the Dutch language. Dutch people and their descendants are found in migrant communities worldwide, notably in Aruba, Suriname, Guyana, Curaçao, Argentina, Brazil, Canada, Australia, South Africa, New Zealand, and the United States. The Low Countries were situated around the border of France and the Holy Roman Empire, forming a part of their respective peripheries, and the various territories of which they consisted had become virtually autonomous by the 13th century. Under the Habsburgs, the Netherlands were organised into a single administrative unit, and in the 16th and 17th centuries the Northern Netherlands gained independence from Spain as the Dutch Republic. The high degree of urbanization characteristic of Dutch society was attained at a relatively early date. During the Republic the first series of large-scale Dutch migrations outside of Europe took place.

Anna Kournikova Russian tennis player and model

Anna Sergeyevna Kournikova is a Russian former professional tennis player. Her appearance and celebrity status made her one of the best known tennis stars worldwide. At the peak of her fame, fans looking for images of Kournikova made her name one of the most common search strings on Google Search.


OnTheFly created Anna Kournikova using a simple and online available Visual Basic Worm Generator program by an Argentinian programmer called [K]Alamar. [2] While similar to the ILOVEYOU worm that struck a year earlier in 2000, the Anna Kournikova worm did not corrupt data on the infected computer. [2] Still, it affected millions of people and caused problems in email servers around the world. [3]

Visual Basic event-driven programming language

Visual Basic is a third-generation event-driven programming language from Microsoft for its Component Object Model (COM) programming model first released in 1991 and declared legacy during 2008. Microsoft intended Visual Basic to be relatively easy to learn and use. Visual Basic was derived from BASIC and enables the rapid application development (RAD) of graphical user interface (GUI) applications, access to databases using Data Access Objects, Remote Data Objects, or ActiveX Data Objects, and creation of ActiveX controls and objects.

Argentines are people identified with country of Argentina. This connection may be residential, legal, historical or cultural. For most Argentines, several of these connections exist and are collectively the source of their being Argentine.

ILOVEYOU, sometimes referred to as Love Bug or Love Letter, was a computer worm that attacked tens of millions of Windows personal computers on and after 5 May 2000 local time in the Philippines when it started spreading as an email message with the subject line "ILOVEYOU" and the attachment "LOVE-LETTER-FOR-YOU.txt.vbs". The latter file extension was most often hidden by default on Windows computers of the time, leading unwitting users to think it was a normal text file. Opening the attachment activated the Visual Basic script. The worm did damage on the local machine, overwriting random types of files, and sent a copy of itself to all addresses in the Windows Address Book used by Microsoft Outlook. In contrast, the Melissa virus only sent copies to the first 50 contacts. This made it spread much faster than any other previous email worm.

Apparently, the author created the worm in a matter of hours. "The young man had downloaded a program on Sunday, February 11, from the Internet and later the same day, around 3:00 p.m., set the worm loose in a newsgroup." [4] De Wit turned himself in to authorities in the town of Sneek located in the northern Dutch province of Friesland. "By the time he understood what the worm did, he had conferred with his parents and decided to turn himself in to the police." [4]

Sneek City and former municipality in Friesland, Netherlands

Sneek is a city southwest of Leeuwarden and seat of the former municipality of Sneek in the province of Friesland (Netherlands). As for 2011 it is part of the municipality Súdwest Fryslân. The city had approximately 33,855 inhabitants in January 2017.

The efforts of virus writer working undercover for the FBI, David L. Smith (author of the Melissa virus, who was still serving his sentence) assisted in tracking down OnTheFly's real identity. [5] De Wit turned himself in to the police in his hometown Sneek on February 14, 2001, [6] after he posted a letter of confession on a website and a newsgroup of player Anna Kournikova (alt.binaries.anna-kournikova) dated February 13. In it, he admitted creating the virus using a toolkit and explained his motivations as to see whether the IT community had learned their lesson to better secure systems in the aftermath of previous virus infections. But besides admission and regret he also attributed external blame for the rate of spreading on the beauty of the tennis player (he had pinups of her on his website) and blamed those who opened the email, writing "it's their own fault they got infected." [2]

The Melissa virus was a mass-mailing macro virus. As it was not a standalone program, it was not a worm. It targeted Microsoft Word and Outlook-based systems, and created considerable network traffic.

Resembling the cases of other computer virus writers, a few days later the mayor of Sneek, Mayor Sieboldt Hartkamp made a tentative job offer to De Wit in the local administration's IT department, saying the city should be proud to have produced such a talented young man. [7]

De Wit was tried in Leeuwarden and was charged with spreading data into a computer network with the intention of causing damage, a crime that carried a maximum sentence of four years in prison and a fine of 100,000 guilders (US$41,300). [8] The lawyers for Jan de Wit called for the dismissal of charges against him, arguing that the worm caused minimal damage. The FBI submitted evidence to the Dutch court and suggested that US$166,000 in damages was caused by the worm. He denied any intent to cause damage. De Wit was sentenced to 150 hours of community service. [8]

Leeuwarden City and municipality in Friesland, Netherlands

Leeuwarden, Stadsfries: Liwwadden) is a city and municipality in Friesland in the Netherlands. It is the provincial capital and seat of the States of Friesland. The municipality has a population of 122,293.

Crime unlawful act forbidden and punishable by criminal law

In ordinary language, a crime is an unlawful act punishable by a state or other authority. The term "crime" does not, in modern criminal law, have any simple and universally accepted definition, though statutory definitions have been provided for certain purposes. The most popular view is that crime is a category created by law; in other words, something is a crime if declared as such by the relevant and applicable law. One proposed definition is that a crime or offence is an act harmful not only to some individual but also to a community, society or the state. Such acts are forbidden and punishable by law.

Prison place in which people legally are physically confined and usually deprived of a range of personal freedoms

A prison, also known as a correctional facility, jail, gaol, penitentiary, detention center, remand center, or internment facility is a facility in which inmates are forcibly confined and denied a variety of freedoms under the authority of the state. Prisons are most commonly used within a criminal justice system: people charged with crimes may be imprisoned until their trial; those pleading or being found guilty of crimes at trial may be sentenced to a specified period of imprisonment.

The 18-year-old Buenos Aires programmer who created the Worm Generator toolkit, removed the application's files from his website later in February 2001. "Once they heard my alias being mentioned on television, my friends recommended that I do so," he told ZDNet Latin America in an interview. [9]

In the Friends episode "The One in Barbados, Part One", Ross Geller's laptop was infected by the Kournikova worm when Chandler Bing checked his email on it. The version of the worm in the episode was more malicious than the real thing, as it deleted Ross' entire hard drive, including his speech on paleontology, when it was opened. Moreover, the computer was a PowerBook G4, with which Windows-targeting malware would not be compatible.

See also

Related Research Articles

The Goodtimes Virus was a computer virus hoax that spread during the early years of the Internet's popularity. Warnings about a computer virus named "Good Times" began being passed around among Internet users in 1994. The Goodtimes virus was supposedly transmitted via an email bearing the subject header "Good Times" or "Goodtimes," hence the virus's name, and the warning recommended deleting any such email unread. The virus described in the warnings did not exist, but the warnings themselves, were, in effect, virus-like. In 1997 the Cult of the Dead Cow hacker collective announced that they had been responsible for the perpetration of the "Good Times" virus hoax as an exercise to "prove the gullibility of self-proclaimed 'experts' on the Internet."

In programming and hacking culture, a script kiddie, skiddie, or skid is an unskilled individual who uses scripts or programs developed by others to attack computer systems and networks and deface websites. It is generally assumed that most script kiddies are juveniles who lack the ability to write sophisticated programs or exploits on their own and that their objective is to try to impress their friends or gain credit in computer-enthusiast communities. However, the term does not relate to the actual age of the participant. The term is considered to be somewhat derogatory.

This timeline of computer viruses and worms presents a chronological timeline of noteworthy computer viruses, computer worms, Trojan horses, similar malware, related research and events.

Antivirus software computer software to defend against malicious computer viruses

Antivirus software, or anti-virus software, also known as anti-malware, is a computer program used to prevent, detect, and remove malware.

Linux malware includes viruses, Trojans, worms and other types of malware that affect the Linux operating system. Linux, Unix and other Unix-like computer operating systems are generally regarded as very well-protected against, but not immune to, computer viruses.

Computer fraud is the act of using a computer to take or alter electronic data, or to gain unlawful use of a computer or system. In the United States, computer fraud is specifically proscribed by the Computer Fraud and Abuse Act, which criminalizes computer-related acts under federal jurisdiction. Types of computer fraud include:

Timeline of Internet conflicts

The Internet has a long history of turbulent relations, major maliciously designed disruptions, and other conflicts. This is a list of known and documented Internet, Usenet, virtual community and World Wide Web related conflicts, and of conflicts that touch on both offline and online worlds with possibly wider reaching implications.

RavMonE, also known as RJump, is a Trojan that opens a backdoor on computers running Microsoft Windows. Once a computer is infected, the virus allows unauthorized users to gain access to the computer's contents. This poses a security risk for the infected machine's user, as the attacker can steal personal information, and use the computer as an access point into an internal network.

Storm Worm

The Storm Worm is a backdoor Trojan horse that affects computers using Microsoft operating systems, discovered on January 17, 2007. The worm is also known as:

Mylife (computer worm)

MyLife, discovered by MessageLabs in 2002, is a computer worm that spreads itself by sending email to the addresses found in Microsoft Outlook's contacts list. Written in Visual Basic, it displays an image of a girl holding a flower while it attempts to delete files with certain filename extensions. It is named for a phrase appearing in the subject lines of the emails it sends. A variant, MyLife.B, also called the Bill Clinton worm, instead uses a subject line "bill caricature" and displays a cartoon image of Bill Clinton playing a saxophone. Many additional variants have been reported. When the infected file is run, and the picture is closed, the worm runs its payload. MyLife checks the current date. If the minute value is higher or at 45, the worm searches the C:\ directory and deletes .SYS files, .COM files and the same in D:\ Drives.

Koobface is a network worm that attacks Microsoft Windows, Mac OS X, and Linux platforms. This worm originally targeted users of networking websites like Facebook, Skype, Yahoo Messenger, and email websites such as GMail, Yahoo Mail, and AOL Mail. It also targets other networking websites, such as MySpace, Twitter, and it can infect other devices on the same local network. Technical support scammers also fraudulently claim to their intended victims that they have a Koobface infection on their computer by using fake popups and using built-in Windows programs.

Happy99 computer worm for Windows

Happy99 is a computer worm for Microsoft Windows. It first appeared in mid-January 1999, spreading through email and usenet. The worm installs itself and runs in the background of a victim's machine, without their knowledge. It is generally considered the first virus to propagate by email, and has served as a template for the creation of other self-propagating viruses. Happy99 has spread on multiple continents, including North America, Europe, and Asia.

The Pikachu virus, sometimes referred to as Poké Virus, was a computer virus believed to be the first computer virus geared at children due to its incorporation of Pikachu from the Pokémon series. It was released on June 28, 2000, and arrived in the form of an e-mail titled "Pikachu Pokemon" [sic] with the body of the e-mail containing the text "Pikachu is your friend." Opening the attached executable met users with an image of Pikachu, along with a message stating, "Between millions of people around the world I found you. Don’t forget to remember this day every time MY FRIEND." The virus itself appeared in the attachment to the email as a file named "PikachuPokemon.exe".

Zeus, ZeuS, or Zbot is a Trojan horse malware package that runs on versions of Microsoft Windows. While it can be used to carry out many malicious and criminal tasks, it is often used to steal banking information by man-in-the-browser keystroke logging and form grabbing. It is also used to install the CryptoLocker ransomware. Zeus is spread mainly through drive-by downloads and phishing schemes. First identified in July 2007 when it was used to steal information from the United States Department of Transportation, it became more widespread in March 2009. In June 2009 security company Prevx discovered that Zeus had compromised over 74,000 FTP accounts on websites of such companies as the Bank of America, NASA,, ABC, Oracle,, Cisco, Amazon, and BusinessWeek. Similarly to Koobface, Zeus has also been used to trick victims of technical support scams into giving the scam artists money through pop-up messages that claim the user has a virus, when in reality they might have no viruses at all. The scammers may use programs such as Command prompt or Event viewer to make the user believe that their computer is infected.

Here you have is a computer worm that successfully attacked tens of thousands of Windows computers in 2010 when it was sent as a link inside an email message with the text "Here you have" in the subject line. The worm arrived in email inboxes on and after September 9, 2010 with the simple subject of "Here you have". The final extension of the link was hidden by default, leading unsuspecting users to think it was a mere PDF file. Upon opening the attachment, the worm sent a copy of itself to everyone in the Windows Address Book.

Mac Defender is an internet rogue security program that targets computers running macOS. The Mac security firm Intego discovered the fake antivirus software on 2 May 2011, with a patch not being provided by Apple until 31 May. The software has been described as the first major malware threat to the Macintosh platform. However, it is not the first Mac-specific Trojan, and is not self-propagating.


  1. "Kournikova computer worm hits hard". BBC News. 13 February 2001. Retrieved 23 May 2009.
  2. 1 2 3 "Confession by author of Anna Kournikova worm". OUT-LAW News. February 14, 2001. Retrieved 23 May 2009.
  3. Cluey, Graham (11 February 2011). "Memories of the Anna Kournikova worm". Naked Security. Sophos . Retrieved 9 February 2018.
  4. 1 2 Robert Lemos (February 14, 2001). "FBI probes worm outbreak after "Anna" arrest". CNET News . Retrieved 23 May 2009.
  5. "Court documents reveal that Melissa's author helped authorities catch other virus writers". Sophos. September 18, 2003. Retrieved 2009-05-10.
  6. Joris Evers (2001-09-13). "Maker of Kournikova worm stands trial". IDG News Service. Archived from the original on 2011-06-15. Retrieved 2009-05-10.
  7. "Kournikova worm author should not be rewarded". Sophos. February 19, 2001. Retrieved 2009-05-10.
  8. 1 2 Robert Blincoe (2001-09-27). "Kournikova virus kiddie gets 150 hours community service". The Register. Archived from the original on 6 April 2009. Retrieved 2009-05-10.
  9. Alijo, Hernan (16 February 2001). "Purported 'Anna' virus toolkit author yanks files from site". ZDNet. Retrieved 9 February 2018.