InfoGram
February 15, 2001
NOTE: This InfoGram will be distributed weekly to provide members of the
emergency services sector with news and information concerning the protection of
their critical information systems. For further information please contact the
U.S. Fire Administration's Critical Infrastructure Protection Information Center
at (301) 447-1325 or email at usfacipc@fema.gov.
Critical Infrastructure Protection (CIP): "Viruses - Hackers"
- On February 12, 2001 the worm/virus, the VBS Virus "Anna Kournikova" also
known as "VBS/SST" VBS Virus, was detected in the wild. Based upon investigations
and information from other sources, the "Anna Kournikova" mass-mailing worm/virus
is spreading rapidly throughout the Internet. However, it is seen as a low threat
due to its non-destructive payload. Although it does not infect files on the
victim's systems, this mass-mailing worm can potentially clog email servers
because of the volume it generates, administrators are advised to adjust their
filtering software to block attachments with the name of Anna Kournikova.jpg.vbs.
Additionally, users should not open any emails or attachments with the Anna
Kournikova.jpg.vbs name.
- VBS/SST Worm is a Visual Basic Script worm that spreads via email using the
MAPI applications such as Microsoft Outlook and Outlook Express. The worm arrives
attached to an email message that has the Subject line: "Here you have, ;o)".
The message body contains the following text: "Hi: Check This!" The attachment to
the email message is a Visual Basic Script file named: "Anna
Kournikova.jpg.vbs". When the attached program (the worm code) is executed, it
copies itself to the Windows directory. It then adds the following digital
signature to the registry key: "HKCU\software\OnTheFly\Worm made using Vbswg
1.5b". The worm then proceeds to send itself out to all addresses found in the
Microsoft Outlook Application.
- The Zurich, Switzerland weekly newspaper, SonntagsZeitung, reported the theft
of passwords, email addresses, credit card numbers, and other personal data from
attendees at the World Economic Forum. Celebrities and political leaders were
included in the database that was hacked. Dustin Hoffman, Yassar Arafat, and
former President Bill Clinton are among the individuals whose information was
compromised. How secure is your personal information that is stored on Internet
accessible databases? (http://www.antionline.com)
(http://www.sonntagszeitung.ch)
- Emergency service computer users should be vigilant in their use of email
systems. This reported virus was not covered by the current versions of most
anti-virus software products when it was released. The anti-virus software must
be kept up-to-date with upgrades from the manufacturer to be effective, but new
viruses can appear that are not covered by the anti-virus applications. If you
are not sure of the email that you receive delete it before it is opened.