I can’t get into Symantec’s site, and I don’t find the info anywhere else. I recently got an email from a friend, but the style is very unlike him. Attached is a file called AnnaKournikova.jpg.vbs. I’m pretty sure that means that it is not actually a picture file, but some vbScript. Hence, probably some kind of self-forwarding virus. Am I right?
(No, I have not opened it. Yes, I emailed my friend and asked what was up.)
Its a worm virus. delete it.
I wasn’t sure what this virus did. I received it about two minutes after I got an email warning about it, interestingly enough. How anyone is fooled by the “***.jpg.vbs” file extension is beyond me, but I can’t rule it out.
at any rate, I viewed it with notepad to see if I could figure out what it does(I’ve gotten a few macro viruses that I did this with, as well). All I know is that it uses outleek to send itself to everyone in your address book. But does it do anything else?
As far as I know, all it does is send itself to everyone in your Outlook address book, much like Melissa did. This isn’t a good thing, of course, but at least it’s not one of those erase-your-hard-drive viruses.
MSNBC explains a little here http://www.msnbc.com/news/529834.asp .
Like most viruses, particularly the mass-mailer viruses, this one is fueled by stupidity and/or naivete. Even after zillions of warnings about opening .exe or .vbs files, people still do it. They must either feel they are above the warnings or think the warnings are simply for ‘other people.’
At any rate, all you need to do is delete it - both from your Inbox and from your Deleted Items box. This only applies if you’re using a Outlook e-mail program (you smart people using Eudora or another program - I bet you’re feeling smug now, huh?)
Yup. From what I hear it has something to do with forwarding all your e-mail to some account in the Netherlands.
I’ve read that for some e-mail software has settings to not list the extension on attachments. Thus, in this case, if you had extension-listing toggled off, the attachment is listed as “*******.jpg”. This won’t fool a lot of people, but it does trick some people, even if they’ve been warned not to open .exe or .vbs files, files, into opening the attachment, because “it was only a .jpg file”.
Thanks, everyone. I’ve never gotten an email virus before, and I wanted to be sure of what I was seeing. I appreciate the fast turn-around, as always.
The virus has a small, and reasonably non-destructive, payload. It sets two flags in the HKey Current User hive of your registry, and looks for the date being January 26th - if it is, it spawns a browser window to a Netherlands web page.
It also attempts to re-create itself if the vbs code is deleted, but due to an error in its own coding, merely creates a zero-byte file.
We had it figured out and blocked hours before Norton had the fix on their site!
For more info on this virus, check out NAI’s page on it:
http://vil.nai.com/vil/virusSummary.asp?virus_k=99011
Arjuna34
AnnaKournikova.jpg.vbs
AnnaKournikova.gif.vbs
Now, go feast your eyes and then e-mail her to your friends.