First published: 13th February 2001
A new email worm, disguised as a picture of the tennis star Anna Kournikova is spreading on the Internet. It has been variously named by anti-virus vendors as VBS/SST-A, and VBS/Onthefly, as the naming conventions discourage the use of peoples names. MessageLabs has intercepted over three thousand copies in one hour, with the United States, Great Britain and the Netherlands being hardest hit. They estimate that ir is spreading about twice as fast as VBS/LoveLetter.
Yui Kee Computing has received several reports and samples in Hong Kong, including one large organisation and is expecting many more. Allan Dyer, Chief Consultant of Yui Kee Computing said, "The worm was first spotted about 1300 GMT yesterday, 12 February. It will follow the timezones around the world as users in different countries arrive at the office and open their email."
VBS/SST-A, arrives in an email with the subject line "Here you have, ;0)" and an attached file called AnnaKournikova.jpg.vbs When launched the file does not display a picture of Anna Kournikova but launches a viral Visual Basic Script that forwards itself to everybody in your Microsoft Outlook address book.
"This virus is the latest to exploit psychology to aid its spread amongst innocent users," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "Pictures of Anna Kournikova are amongst the most popular on the internet. Our message to computer users is simple - don't let unsolicited email attachments lead you into temptation".
Allan Dyer commented, "Peoples memories are short, just after VBS/LoveLetter hit, everyone avoided opening unexpected attachments, but now, almost a year later, the lesson has been forgotten".
If the system date is 26 January (any year) the virus will also launch the default web browser directed at www.dynabyte.nl, an innocent website in the Netherlands.
Anti-virus vendors have issued updates to detect and identify VBS/SST-A.