Just got hit with a computer virus...warning!

Nelmster

Senior member
Nov 17, 2000
329
0
0
Our company just got hit with a virus that is titled "Here you go o)" The attachment reads "annakournikova.jpg.vbs". When opened, it sends an email to everyone in your sent box and inbox and contact listing. Beware, and forward this along to the appropriate people in your departments, if needed!
 

thorin

Diamond Member
Oct 9, 1999
7,573
0
0
That's what you get for opening a Visual Basic Script file. Too bad you didn't have VBS Hosting disabled or the Outlook security patch.

Rick
 

thorin

Diamond Member
Oct 9, 1999
7,573
0
0
Heh....I am, I mean that really sucks that his company got a virus. However, avoiding a lot of these things is basically a no-brainer; however, I would have to blame his IS department for not installing the Outlook security patch that disallows *.vbs, *.bat, *.exe, *.com, etc... attachments from even being received.

Also it was nice of him to warn everyone that something was going around.

I didn't mean to seem heartless. I just meant that this should have been easily avoidable.

Thorin
 

Nelmster

Senior member
Nov 17, 2000
329
0
0
Thorin, no problem, and you're absolutely right. IS should know MUCH better. I personally didn't open it after seeing the .vbs.

Besides, you can't look at anything named AnnaKournikova.jpg at work, right??? ;)
 

thorin

Diamond Member
Oct 9, 1999
7,573
0
0
"Besides, you can't look at anything named AnnaKournikova.jpg at work, right??? "

Heh exactly, best to FWD these to your home account :p

I'm glad you were on the ball and didn't open it. Again sorry if I sounded heartless in my other post(s).

Thorin
 

Whitedog

Diamond Member
Dec 22, 1999
3,656
1
0
PEOPLE ARE SO FREAKIN DUMB!!!!!! We just had 12 idiots open the attachment here at work! ARRRRRRG!!
 

Whitedog

Diamond Member
Dec 22, 1999
3,656
1
0
What is the fix for this virus? Does it hose your system like the ILOVEYOU virus did?

I can't get to Nortons to check info, their site must be getting hammered..
 

thorin

Diamond Member
Oct 9, 1999
7,573
0
0
If someone gets the actual virus name I'll grab all the info.

Edit:
I've found it, I'll post some info soon.

Thorin
 

thorin

Diamond Member
Oct 9, 1999
7,573
0
0
Here's what I found at Trend Micro

Aliases:
Anna Kournikova, KALAMAR.A,
VBS/Onthefly.A

Description:
Trend Micro has been receiving several customer phone calls
regarding the "Anna Kournikova" virus, a.k.a. VBS_KALAMAR.A.
This is a Visual Basic Script virus that is currently propagating by
email as an attachment "ANNAKOURNIKOVA.JPG.VBS."

Trend's pattern file #749 and scan engine 5.200 detects this virus.
Trend advises all customers to download the appropriate pattern file
and scan engine.

This web site will be updated as further information is received.

Solution:

Trend customers

Keep your pattern file and scan engine updated. Trend
Micro antivirus software can clean or remove most
types of viruses. Certain viruses, such as Trojans,
scripts, overwriting viruses and joke programs which
are identified as "uncleanable", should simply be
deleted.

All Internet users

1. For a quick check-up of your PC, use HouseCall - Trend Micro's free on-line virus scanner. This will check for viruses which may already be on your PC.
2. To keep your computer healthy by catching viruses before they have a chance to infect your PC or network, get the best antivirus solution available today. Trend Micro offers antivirus and content security solutions for home users, corporate users and ISPs.

Technical details


In the wild: Yes
Trigger date 1: January 26th
Payload 1: Others (tries to connect to a computer store web site in Netherlands)
Detected by pattern file#: 749
Detected by scan engine#: 5.200
Language: English
Platform: Windows
Encrypted: Yes
Size of virus: ~2K Bytes


Details:
This Visual Basic Script virus is encrypted and appears to be a
variant of the VBSWG virus construction kit. It is a mass mailer and
spreads via Microsoft Outlook. A sample of the email is as follows:

Subject: Here you have, ;o)
Message Body: Hi:
Check This!
Attachment: AnnaKournikova.jpg.vbs

Warning: The subject line, message body as well as the
attachment filename may change. Trend advises all email users to
not open unsolicited attachments.

When the file attachment is executed, the worm copies itself to
the Windows folder and then sends itself to all entries in the
address book of the infected user.

If the current system date is January 26, the virus tries to connect
to a computer shop web site in Netherlands,
http://www.dynabyte.nl. This virus can also be found at the
UseNet, microsoft.public.opk.windows9x newsgroup.

The virus contains the comments:

'Vbs.OnTheFly Created By OnTheFly
and
'Vbswg 1.50b

Thorin
 

Mutilator

Diamond Member
Aug 22, 2000
3,513
10
81
Blah it's amazing how people still open the email attachment after you've sent out not one but TWO warnings not to do so... some people even opened it twice! lol.. guess they were hoping the 2nd time around would be a real pic of anna.. hehe
 

thorin

Diamond Member
Oct 9, 1999
7,573
0
0
Here's more (it adds a registry key):

F-Secure Virus Descriptions

NAME: Onthefly
ALIAS: SST
ALIAS: I-Worm.Lee.o
VBS/Onthefly is an encrypted, mass mailing worm written in Visual Basic Script.
VARIANT: Onthefly.A


This worm arrives as an attachment in a message with the following content:

Subject: Here you have, ;o)
Body: Hi:
Check This!
Attachment: AnnaKournikova.jpg.vbs



When the attached file is executed, the worm is executed. First it creates the following key to the registry:
HKEY_CURRENT_USER\Software\OnTheFly = "Worm made with Vbswg 1.50b"

The worm then copies itself to Windows directory as "AnnaKournikova.jpg.vbs" and sends itself to all recipients on all address books. It also adds a marker to the registry causing that the mass mailing will happen only once.

At January 26th the worm will open the web browser and connect to an innocent Netherlandic web site.

F-Secure Anti-Virus detects this worm.

[Analysis: Katrin Tocheva and Sami Rautiainen, F-Secure; February 2000]
 

Mamoose

Member
May 24, 2000
134
0
0
:D My favorite was "I'm a hot college coed":cool:

<< " Beam Me Up Scotty" Capt.Jim >>

 

Nelmster

Senior member
Nov 17, 2000
329
0
0
Get this...evidently our company was the first to send this in to McAfee, who analyzed it and said this was made with a simple "virus creation" software program.

Didn't know there were virus creation programs...nice. :|
 

tkdkid

Senior member
Oct 13, 2000
956
0
0
Why doesn't someone just make another virus that disables vbs scripting on all machines it gets to?

How would Norton handle that, I wonder?
 

Tobywankenobe

Junior Member
Jan 13, 2001
8
0
0
You know what really ticks me off about this (besides the stupidity of people to open up absolutely anything in their email) has to be the utter failure of Microsoft to do anything about this. I'm the tech guy for a school district, and I absolutely refuse to switch us over to Outlook (even though I get asked all the time if we can go to Outlook because you can make your messages look so pretty--argh!). We run a free email program called Pegasus that works great (except for the pretty part) and will continue to run Pegasus until something is done about this VBS hole. Let's all do our part and switch over to something else until Redmond comes out with something safe.
 

OJ

Senior member
Oct 9, 1999
858
0
0
I just got this virus a few minutes ago, I emailed the sender as I am sure they don't know they have it.

Norton 2001 stopped it cold. :)
 

corkyg

Elite Member | Peripherals
Super Moderator
Mar 4, 2000
27,370
239
106
OK . . . I posted a separate note on this topic which includes all of the technical details of this virus as well as how to get rid of it. There are several variants, but once the M.O. is known, there's no reason to ever get suckered in by it. The first clue that something ain't right is the double file extension . . . that really ain't normal!
 

thorin

Diamond Member
Oct 9, 1999
7,573
0
0
"You know what really ticks me off about this (besides the stupidity of people to open up absolutely anything in their email) has to be the utter failure of Microsoft to do anything about this. I'm the tech guy for a school district, and I absolutely refuse to switch us over to Outlook (even though I get asked all the time if we can go to Outlook because you can make your messages look so pretty--argh!). We run a free email program called Pegasus that works great (except for the pretty part) and will continue to run Pegasus until something is done about this VBS hole. Let's all do our part and switch over to something else until Redmond comes out with something safe."

Outlook 98 SP2 contains a security patch that will not allow you to access any attachments of *.exe, *.com, *.bat, *.vbs, etc.... file type.

Thorin
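
Added example, not part of any post in this thread: a Python sketch of the attachment check the posts above describe, combining the blocked extension list (*.exe, *.com, *.bat, *.vbs) with the double-extension clue. The decoy-extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import os
from email import message_from_string

# Script/executable types named in the thread (*.exe, *.com, *.bat, *.vbs).
BLOCKED_EXTS = {".exe", ".com", ".bat", ".vbs"}
# Harmless-looking types placed before the real extension (assumed list).
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".bmp", ".txt", ".doc", ".pdf"}


def classify_attachment(filename):
    """Return 'block-disguised', 'block' or 'allow' for one attachment name."""
    # Windows ignores trailing dots/spaces, so "x.vbs. " still opens as .vbs.
    name = filename.strip().rstrip(". ").lower()
    stem, ext = os.path.splitext(name)
    if ext not in BLOCKED_EXTS:
        return "allow"
    inner = os.path.splitext(stem)[1]
    return "block-disguised" if inner in DECOY_EXTS else "block"


def scan_message(raw):
    """List (filename, verdict) for every named part of a raw mail message."""
    findings = []
    for part in message_from_string(raw).walk():
        filename = part.get_filename()
        if filename:
            findings.append((filename, classify_attachment(filename)))
    return findings


# Constructed sample (subject, body, attachment name as quoted in the thread).
SAMPLE = """\
From: colleague@example.com
Subject: Here you have, ;o)
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Hi:
Check This!
--b1
Content-Disposition: attachment; filename="AnnaKournikova.jpg.vbs"

' placeholder, not worm code
--b1--
"""

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```

The verdict depends only on the last extension, so a renamed subject line or message body, which the Trend Micro text warns may change, does not affect it.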
 

thorin

Diamond Member
Oct 9, 1999
7,573
0
0
From www.avp.com

New February 12, 2001: New VBS worm, VBS.SST.A disguises itself as a jpeg graphic of Anna Kournikova, the Russian tennis player. For more information click here

A unique VBS.SST.A detection and removal tool can be downloaded by clicking here

Thorin
 

DZip

Senior member
Apr 11, 2000
375
0
0
I use Eudora 5.0 and have no problems. I also disabled VBS in Windows 98se and use Norton Anti-virus. At work we use Outlook and are always getting viruses, mainly from our overseas (Asian and European) service people. I have yet to get a virus at home from forwarded messages (knock on wood). I think Eudora is better and you can download it for free (if you don't mind the advertising).