 |
 |
|
|
|
|||||||||||||||||||||||||||||||||||||||
|
Enhanced tool can create tougher Anna worm
(IDG) -- The tool used to write the Anna Kournikova worm has been enhanced by its creator and packs a potentially stronger wallop than when it emerged last month because it is capable of sending hidden EXE files and turning those loose on a user's PC, according to lab analysis by software security vendors. An Argentinian hacker known as [K]Alamar has enhanced and released the updated beta version of his VBS (Visual Basic Script) Worm Generator, allegedly used last month by a Dutch hacker who goes by the moniker OnTheFly to create the worm named after the tennis star. The enhancement was detected over the last several days by security software vendors, whose labs set about analyzing the changes. At Computer Associates International Inc., in Islandia, New York, lab workers quickly determined that the worm generator kit "has some new functionality that will make the threats a bit more destructive," said Ian Hameroff, business manager for security solutions.
Additional analysis found that "it isn't much more destructive than the previous kit," but allows for the ability to include an EXE file when the VBS is launched and that "could cause all kinds of damage," Hameroff said. Users won't see the EXE because the worm will appear as a VBS file. So, while the payload isn't all that different, the ability for the worm to run an executable file on a user's computer could potentially wreak havoc. Those executables could run the gamut of "anything with a malicious intent," from exploits known as trojans to backdoor security breaches, Hameroff said. EXEs have the potential to ruin a PC if they are launched, and so the enhanced worm generator is viewed as having the ability to create tremendous problems. According to information provided through his Web site by [K]Alamar, also known as "K," worms created with the new kit can be easily created and all could potentially have unique code, making them more difficult to detect. A help file from [K]Alamar says that as of last Friday, the creator was using various anti-virus software to try to detect worms created with the generator and none worked. However, he expects that to change soon and so sent out a request that fellow virus writers let him know as anti-virus software becomes an effective hedge against infection. Finjan Software Inc., in San Jose, California, describes the new generator version as a "very impressive tool." The security team reviewed it and "is very impressed with its simplicity and ease of use," according to e-mail from a firm that handles public relations for Finjan. The beta has corrected a lot of bugs from the earlier version and worms created now can be spread using e-mail, IRC (Internet Relay Chat) and files. The Anna Kournikova was spread via e-mail. The original Anna Kournikova masqueraded as a .JPG image of the Russian tennis star -- whose photographs are highly prized among certain of her fans. The worm arrived with one of three variants of the subject line "Here you go :-)" and with one of three variants as the name of the attachment, based around "Anna.Kournikova.jpg.vbs." The e-mail swept the globe in short order. Security vendors expect new worms created with the generator to begin spreading soon, though CA's Hameroff said that the lab team there will be able to "quickly analyze and produce detection" for them. Users are advised to routinely update anti-virus software and to not open e-mail from unknown sources, no matter how enticing the subject line. [K]Alamar himself notes at his site -- misspellings intact -- that "the transmission or possession of destructive programs may be illegal in your country be carefull with what you do. All files in this site are for educational purpose only. Neither my server or I are resonsable of waht you do whit the files." RELATED STORIES:
Survey: Costs of computer security breaches soar RELATED IDG.net STORIES:
Anna Kournikova virus hits U.S. RELATED SITES:
Computer Associates International Inc. |
|
|
SCI-TECH
Study: Gadget sales flat Protest slams Dell's use of prison labor Steve Jobs keeps Apple in the limelight (MORE)
![[CNN.com]](http://i.cnn.net/cnn/images/newsnet/cnnlogo.gray.gif){kind=small} TOP STORIESN. Y. plans to heal skyline Stocks rise on Case departure Lieberman's presidential announcement today New arrests may be linked to UK ricin scare (MORE)
![[SI.com]](http://i.cnn.net/cnn/images/main/si.logo.gif){kind=logo} SPORTSJordan says farewell for the third time Shaq could miss playoff game for child's birth Ex-USOC official says athletes bent drug rules (MORE)
 All Scoreboards
|
|
|||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||
| Back to the top | |
© 2003 Cable News Network LP, LLLP.
A Time Warner Company. All Rights Reserved. Terms under which this service is provided to you. Read our privacy guidelines. Contact us. |
![[CNN Money]](http://i.cnn.net/cnn/images/main/fn.logo.newsnet.gif){kind=logo}
(