Kournikova virus spreads exponentially

Experts at antivirus firm Message Labs warned IT managers to prepare for a VBS.Generic virus contained in the rapidly spreading attachment, AnnaKournikova.jpg.vbs.

Known as VBS/SST-A, the worm arrives in an email with the subject line ‘Here you have, ;0)’ and includes the AnnaKournikova.jpg.vbs attachment. But instead of displaying a picture of the tennis star the bug uses the Visual Basic scripting language to infect Outlook and mails itself out to contacts in the infected user’s address book.

According to some anti-virus firms, the number of infections has been rising every hour. ‘We first saw the AnnaKournikova virus at 1.30pm today. In the first hour we stopped four instances. By the forth hour this was up to 1,376.

‘It’s spreading exponentially,’ said Alex Shipp, antivirus technologist at Message Labs. ‘This means it’s spreading twice as fast as the Love Bug.’

Shipp told that experts trying to assess the threat from the virus had been hampered by code encryption techniques used by its authors. ‘We finally cracked it this morning. There is a payload that points to a website We don’t yet know if it is trying to download malicious code from this URL or launch a denial of service attack against the site.’

Graham Cluley, senior technology consultant at fellow anti virus software vendor Sophos, said the bug is the latest to exploit psychology to aid its spread among gullible users. ‘Pictures of Anna Kournikova are among the most popular on the internet. Our message to computer users is simple – think with your brain not with your groin.’

The virus does not damage the systems it has infected but is thought to be highly polymorphic, which means it changes its signatures to hide itself from antivirus software.

Paul Schmehl, supervisor of support services at the University of Texas in Dallas, who was one of the first wave of IT managers alerted to the threat, said: ‘It seems to work much like the I LOVE YOU virus from before, but I want to be sure that it does nothing else.’

A number of vendors have said their software will detect the virus. Sophos has issued an update at, while Central Command has released a download available at this location.

McAfee said the latest version of its antivirus software and definitions will detect the virus, but neither Symantec nor Trend Micro had patches available as yet.


New Melissa virus strikes in Europe

Christmas emails with a sting in their tail

Viruses won’t be stopped by tougher laws

Will Internet security software bring the criminals to book?

Related reading