Prefabricated Shakira pics worm rocks the Internet

Summary: Like the Anna worm, Shakira is the product of a VBS worm-generator kit. Most antivirus software vendors already have protection available to block it. And Shakira is

By Robert Vamosi | June 6, 2002 -- 00:00 GMT (17:00 PDT)

There's nothing new about the latest Internet worm, Shakira (vbs.vbswg-aq@mm). An e-mail message allegedly containing photos of the Grammy-winning Colombian rock star will instead launch a flood of infected copies on other users of Microsoft Outlook or IRC. Like the Anna worm, Shakira is the product of a VBS worm-generator kit. Most antivirus software vendors already have protection available to block it, hence the official name: Vbswg-aq. When the Shakira worm invades your PC, it displays this message: "You have been infected by the ShakiraPics Worm." Because Shakira is not destructive and just sends e-mail, it currently ranks a 4 on the ZDNet Virus Meter.

How it works
The Shakira worm arrives as e-mail with the subject line "Sharkira pics." The body text is "Hi :i have sent the photos via attachment have funn..." The attached file is shakirapics.jpg.vbs.

If you open the attached file, the worm copies itself into the Windows folder as shakirapics.jpg.vbs, then makes a few changes to the Registry:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Registry = wscript.exe <WindowsDir> \ShakiraPics.jpg.vbs

In order to keep from spreading twice, Shakira also sets the following Registry keys:

Prevention
Users of Microsoft Outlook 2002 and users of Outlook 2000 who have installed the Security Update should be safe from the attached VBS file in Shakira. Users who have not upgraded to Outlook 2002 or who have not installed the Security Update for Outlook 2000 should do so. In general, do not open attached files in e-mail without first saving them to hard disk and scanning them with updated antivirus software. You may also disable the Windows Scripting Host on your computer to further thwart Shakira. Contact your antivirus vendor to obtain the antivirus signature files that include Shakira.

Removal
A few antivirus software companies have updated their signature files to include this worm. This will stop the infection upon contact and in some cases will remove an active infection from your system. For more information, see Central Command, F-Secure, McAfee, Norman, Sophos, Symantec, or Trend Micro.

Has the Shakira worm infiltrated your network? TalkBack below or e-mail us with your thoughts.

Topics: Collaboration, Browser, Microsoft, Security, Software

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

The best of ZDNet, delivered

White Papers, Webcasts, & Resources

On-demand Webcast: 5 Steps to Nurture Customer Loyalty and Increase Profitability - Now

As the modern multi-channel consumer becomes more empowered than ever, organizations are struggling to identify the right customers to target with the right offers. View this on-demand webcast now to discover 5 key strategies to enhance customer loyalty.
Three Ways to Improve Your Data Storage Capabilities

Whether you're thinking of switching to the cloud or just searching for a scalable solution, this guide will offer best practice tips and strategies for improving data storage.
Oracle Tuxedo 12c Datasheet

With its solid foundation, reliability, ultra-high performance, and scalability, it's no wonder Oracle Tuxedo is the transaction-processing platform of choice. Learn more in this paper.

Talkback