Computer virus poses as image of tennis star Anna Kournikova

A new e-mail virus written to take advantage of Microsoft Corp.'s Outlook software is circulating among users today, preying upon people's attraction to tennis star and model Anna Kournikova.

Security analysts said the pernicious new Visual Basic Script (VBS) worm, which infiltrates e-mail systems in much the same way as the "I Love You" virus that struck the Internet last year (see story), is making the rounds disguised as a .jpg image attachment of Kournikova.

The worm arrives with a subject line reading "Here you have, ;o)" and a message that says "Hi: Check This!" The attachment embedded in the message is named "AnnaKournikova.jpg.vbs," although vendors of antivirus software cited various aliases for the worm, including VBS/SST-A, Kalamar.A, OnTheFly and VBS/VBSWG.J@MM.

While it has a high risk for replicating, the virus does little actual damage, according to Liam Yu, product manager at the antivirus software company Symantec Corp. Symantec gave the virus a risk rating of 4, with the highest risk being a 5.

While Cupertino, Calif.-based Symantec has yet to identify the signature, or patterns, in the virus, the software maker has issued warnings to its customers not to open the attachments. A patch for Symantec's software that's designed to block the worm will be available soon, Yu said.

A patch released by Microsoft for Outlook last summer "scrubs" all .vbs attachments by default, Yu said. Increased awareness of the danger posed by attachments after the rapid spread of the highly publicized Melissa and "I Love You" worms also should help curtail the Kournikova worm's potential to do damage, he said.

In addition, the virus is easy to block based on subject matter, according to Yu. But he said Symantec has seen 50 to 60 corporate customers affected by the virus so far, and it expects the total number of companies hit to be in the thousands by tomorrow morning. The virus started in Europe, spread to the U.S. and "when Asia wakes up, we expect to see amplification," Yu said.

Security analysts continue to warn users to think before they open attachments built into e-mail messages.

"This virus is the latest to exploit psychology to aid its spread amongst gullible users," said Graham Cluley, a senior technology consultant for U.K.-based Sophos Anti-Virus in a statement. He noted that photos of Kournikova are among the most popular downloads on the Web.

Sophos also said it has issued an update of its software that will protect against the Kournikova worm. Other antivirus vendors that said their software can detect the worm include Finland-based F-Secure Corp. and Trend Micro Inc. in Cupertino, Calif., which assigned a "high risk" rating to the worm.

IT professionals began reporting incidents involving the worm this morning on SecurityFocus.com, a San Mateo, Calif.-based informational Web site. Many users said their companies have blocked the virus, and some have even taken it apart and identified it as a VBS worm.

Similar to the "I Love You" virus, the new worm works its way through the Outlook e-mail address books and replicates itself to all of the addresses it finds there. Cindy Levin, a product manager at Elron Software Inc. in Burlington, Mass., said the virus appears to only affect Outlook clients.

Elron develops security and filtering software, in addition to licensing antivirus tools from Sophos and from Network Associates Inc.'s McAfee division. Levin said none of her customers has complained of being hit with the virus, since Elron's software and the companion products should be able to block the worm.

While Outlook users seem to be the only ones affected by the virus, those with other e-mail clients, including Cambridge, Mass.-based Lotus Development Corp.'s Notes or San Diego-based Qualcomm Inc.'s Eudora, can forward the message with the virus to Outlook users, who can then become infected.

Related stories:

For more coverage of this issue, visit Computerworld's Security Watch page.

Copyright © 2001 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon