Information Security News mailing list archives

"Anna" virus toolkit pulled from Net


From: InfoSec News <isn () C4I ORG>
Date: Thu, 15 Feb 2001 22:17:45 -0600

http://news.cnet.com/news/0-1003-201-4840171-0.html?tag=mn_hd

By Robert Lemos and Hernan Alijo
Special to CNET News.com
February 15, 2001, 5:45 p.m. PT

In the wake of the worldwide spread of the Anna Kournikova virus this
week, an 18-year-old Argentinian claiming to be the creator of the
program used to create the Anna virus has removed the application's
files from his Web site.

"Once they heard my alias being mentioned on television, my friends
recommended that I do so," he said.

The resident of a northern suburb of Buenos Aires became worried after
a local TV station broadcast the news of the Anna virus and
highlighted the connection between an Argentinian virus writer,
Kalamar, and his Vbs Worm Generator program that helped create the
virus.

The underground programmer said he took the moniker because his
favorite soccer team, Club Atletico Platense, uses the nickname "The
Squid," or El Calamar. The tools had been available on the Web from
his site, Kalamar Warez.

Also known as VBS/SST, VBS_Kalamar, and VBS/OnTheFly, the Anna
Kournikova virus initially poses as a photo of the wildly popular
19-year-old Russian tennis player included in an e-mail. The file name
in the message is AnnaKournikova.jpg.vbs, but it may be an abbreviated
form of that as well.

The virus uses Visual Basic to infect Windows systems and then, on
systems with Outlook, mails itself to the entire address book. Its
ability to mail itself out to a large number of Internet users
classifies the virus as a worm.

On Tuesday, the self-proclaimed author of the virus, calling himself
OnTheFly, posted a statement to a hastily constructed Tripod Web site.

"I didn't do it for fun," he stated in the posting dated Tuesday. "I
never wanted to harm the people who opened the attachment. But after
all: it's their own fault they got infected."

The first line of the Anna virus contained the text "Vbs.OnTheFly
Created By OnTheFly," but because of Kournikova's popularity, most
victims referred to the virus as Anna Kournikova.

The statement confirmed that OnTheFly used the readily available virus
writing tool, Vbs Worm Generator, to create the Anna Kournikova virus,
but exonerated the tool's author of aiding him.

A 20-year-old Dutch man turned himself in to local authorities
Wednesday, claiming to be OnTheFly.

Kalamar's mother, who proudly said he "knows a lot about computers,"
said she feels he's been an involuntary accomplice in the Anna epidemic.
Despite his newly acquired fame, Kalamar wishes to remain anonymous.

When asked why he removed the program from the Web site, he simply
said, "I don't want anybody talking about me."

At least one aspect of Kalamar's programming survives in all the
viruses created by his program: the date Jan. 26, the teen's birthday.
In the Anna Kournikova virus, Jan. 26 is the day that the virus will
redirect people to a retail Web site in the Netherlands.

ISN is hosted by SecurityFocus.com