Security Companies Quickly Defeated Kournikova

Apparently Anna Kournikova – the virus – had even less success than its namesake did on the pro tennis circuit this year.

Within hours of its release, the Anna Kournikova worm had been counteracted by dozens of widely available patches from many of the top security vendors. Sophos Anti-Virus, Norman Data Defense Systems, Microsoft, Trend Micro Inc., and Panda Software were among the first to release patches.

The worm itself was barely harmful. A simple VBScript that simply forwarded itself to every address in an infected user’s Outlook mailbox, the virus, known also as VBS/SST-A or VBS/Onthefly, also set the infected user’s Web browser to point to a site in the Netherlands on a certain date.

While the virus itself did little damage other than mischief, it is part of a growing trend of viruses spreading through insidious psychological means. The Anna Kournikova virus was “probably the biggest virus incident since [the] Love Bug,” according to Graham Cluley, senior technology consultant for Sophos Anti-Virus. The Love Bug appealed to users’ emotions, while the Kournikova worm had users’ more prurient interests in mind.

“This virus is the latest to exploit psychology to aid its spread amongst gullible users,” said Cluley. “Our message to computer users is simple – think with your brain, not with your groin.”

A virus that plays on (mostly young male) techies’ penchant for looking at online pictures of Anna Kournikova may seem like a mostly harmless prank, but the Kournikova worm is just the latest to cost organizations around the world money, time, and resources. A report by Computer Economics Inc. determined that the economic impact of virus attacks on systems around the world was $17.1 billion in 2000, with the Love Bug alone costing organizations $8.7 billion in network downtime, disinfection, and lost productivity.

“Unfortunately, there’s no silver bullet for security,” said Tim Kinnear, president and CEO of, a network security vendor. “You can’t deploy a one-shot solution and think you’ve solved the problem.”

Dozens of security teams, as well as law enforcement officials, helped to quickly quash the virus and its author, a Dutch hacker known as On the Fly. The 20-year old hacker was arrested on February 14, and in a statement on the Internet, reiterated what security professionals have stated all along, albeit in a backhanded manner: “But after all: It’s their own fault they got infected.” In a related incident, the author of the Vbs Worm Generator, the virus authoring tool used to create the worm, removed the application from his Web site.

“A feeble excuse on the Internet for why he did it won’t help the thousands of users who were infected by this virus,” said Cluley. – Isaac Slepner

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • Ransomware: What It Means for Your Database Servers

    Ransomware affects databases in very specific ways. Joey describes the mechanics of a SQL Server ransomware attack, what DBAs can do to protect their systems, and what security measures they should be advocating for.

  • Windows Admin Center vs. Hyper-V Manager: What's Better for Managing VMs?

    Microsoft's preferred interface for Windows Server is Windows Admin Center, but can it really replace Hyper-V Manager for managing virtual machines? Brien compares the two management tools.

  • Microsoft Offers More Help on Windows Server 2008 Upgrades

    Microsoft this week published additional help resources for organizations stuck on Windows Server 2008, which fell out of support on Jan. 14.

  • Microsoft Ups Its Carbon Reduction Goals

    Microsoft on Thursday announced a corporatewide carbon reduction effort that aims to make the company "carbon negative" by 2030.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.