News

Security Companies Quickly Defeated Kournikova

• By Scott Bekker
• February 23, 2001

Within hours of its release, the Anna Kournikova worm had been counteracted by dozens of widely available patches from many of the top security vendors. Sophos Anti-Virus, Norman Data Defense Systems, Microsoft, Trend Micro Inc., and Panda Software were among the first to release patches.

The worm itself was barely harmful. A simple VBScript that simply forwarded itself to every address in an infected user’s Outlook mailbox, the virus, known also as VBS/SST-A or VBS/Onthefly, also set the infected user’s Web browser to point to a site in the Netherlands on a certain date.

While the virus itself did little damage other than mischief, it is part of a growing trend of viruses spreading through insidious psychological means. The Anna Kournikova virus was “probably the biggest virus incident since [the] Love Bug,” according to Graham Cluley, senior technology consultant for Sophos Anti-Virus. The Love Bug appealed to users’ emotions, while the Kournikova worm had users’ more prurient interests in mind.

“This virus is the latest to exploit psychology to aid its spread amongst gullible users,” said Cluley. “Our message to computer users is simple – think with your brain, not with your groin.”

A virus that plays on (mostly young male) techies’ penchant for looking at online pictures of Anna Kournikova may seem like a mostly harmless prank, but the Kournikova worm is just the latest to cost organizations around the world money, time, and resources. A report by Computer Economics Inc. determined that the economic impact of virus attacks on systems around the world was $17.1 billion in 2000, with the Love Bug alone costing organizations $8.7 billion in network downtime, disinfection, and lost productivity.

“Unfortunately, there’s no silver bullet for security,” said Tim Kinnear, president and CEO of Intrusion.com, a network security vendor. “You can’t deploy a one-shot solution and think you’ve solved the problem.”

Dozens of security teams, as well as law enforcement officials, helped to quickly quash the virus and its author, a Dutch hacker known as On the Fly. The 20-year old hacker was arrested on February 14, and in a statement on the Internet, reiterated what security professionals have stated all along, albeit in a backhanded manner: “But after all: It’s their own fault they got infected.” In a related incident, the author of the Vbs Worm Generator, the virus authoring tool used to create the worm, removed the application from his Web site.

“A feeble excuse on the Internet for why he did it won’t help the thousands of users who were infected by this virus,” said Cluley. – Isaac Slepner