Purported 'Anna' virus toolkit author yanks files from site
"Once they heard my alias being mentioned on television, my friends recommended that I do so," he told ZDNet Latin America in an interview.
The teen-age resident of a northern suburb of Buenos Aires became worried after Canal 13, a local TV station, broadcast the news of the Anna virus throughout this week and highlighted the connection between an Argentinian virus writer, "[K]Alamar," and his program that helped create the virus.
The underground programmer said he took the monicker because his favorite soccer team, Club Atlético Platense, uses the nickname "The Squid" or El Calamar. The tools had been available on the Web from his site Kalamar Warez.
Also known as VBS/SST, VBS_Kalamar, and VBS/OnTheFly, the AnnaKournikova virus initially poses a photo of the wildly popular, 19-year-old Russian tennis beauty included in an e-mail message with the subject line "Here you have ;o)." The file name in the message is AnnaKournikova.jpg.vbs, but it may be an abbreviated form of that as well.
The virus uses Visual Basic to infect Windows systems and then, on systems with Outlook, mails itself out to the entire address book. Its ability to mail itself out to a large number of Internet users classifies the virus as a worm.
On Tuesday, the self-proclaimed author of the virus, calling himself OnTheFly, posted a statement to a hastily-constructed Tripod Web site.
"I didn't do it for fun," he stated on the posting dated Feb. 13. "I never wanted to harm the people who opened the attachment. But after all: it's their own fault they got infected."
The first line of the Anna virus contained the line "Vbs.OnTheFly Created By OnTheFly," but because of Kournikova's popularity, most victims referred to the virus as AnnaKournikova.
The statement confirmed the OnTheFly used the readily available virus writing tool, Vbs Worm Generator, to create the Anna Kournikova virus, but exonerated the tool's author of aiding him.
[K]Alamar, whose mother proudly stated to ZDNet Latin America "knows a lot about computers," feels he's been an involuntary accomplice in the Anna epidemic. Despite his newly acquired fame, Kalamar wishes to remain anonymous. When asked why he removed the program from the website, he simply said, "I don't want anybody talking about me."
Peter Kruse, a virus analyst, said the same tool had been distributed together with other infected applications from an Argentine site.
At least one aspect of [K]Alamar's programming survives in all the children created by his program: The date January 26, the teen's birthday. In the AnnaKournikova virus, January 26 is the day that the virus will redirect people to a retail Web site in the Netherlands.
Despite the fact that the virus did not cause nearly as much damage as its predecessor, the LoveLetter virus, AnnaKournikova did cause quite a stir in Argentina.
The news that the virus had been created from a locally developed tool taken from a Visual Basic application, was made public by Trend Micro. "In the program's source code one can see that it was developed in Argentina," Hernán Armbruster, operations manager for Trend's Latin America offices, said on Wednesday.
The following text can be found in the program itself:
Vbs Worms Generator 1.50b By [K]Alamar
Buenos Aires - Argentina - 4/Aug/2000
Virii Argentina - The biggest virii resource in the net.
Trend Micro said that little damage had been done to the country's computers. "Though there have been many virus alerts in e-mail, no system was seriously infected," said Armbruster.
Roberto Heker, Director of NextVision, a Buenos Aires-based company specializing in computer security, agreed. "In Argentina, the only damage was causing a backlog of e-mails and, in some cases, the need to carry out an emergency measure with the new drivers in order to upgrade the virus detection and removal programs," he said. In the wake of the worldwide spread of the AnnaKournikova virus, an 18-year-old Argentinian claiming to be the creator of the Vbs Worm Generator--the program used to create the Anna virus--has removed the application's files from his Web site.
"Once they heard my alias being mentioned on television, my friends recommended that I do so," he told ZDNet Latin America in an interview.
The teen-age resident of a northern suburb of Buenos Aires became worried after Canal 13, a local TV station, broadcast the news of the Anna virus throughout this week and highlighted the connection between an Argentinian virus writer, "[K]Alamar," and his program that helped create the virus.
The underground programmer said he took the monicker because his favorite soccer team, Club Atlético Platense, uses the nickname "The Squid" or El Calamar. The tools had been available on the Web from his site Kalamar Warez.
Also known as VBS/SST, VBS_Kalamar, and VBS/OnTheFly, the AnnaKournikova virus initially poses a photo of the wildly popular, 19-year-old Russian tennis beauty included in an e-mail message with the subject line "Here you have ;o)." The file name in the message is AnnaKournikova.jpg.vbs, but it may be an abbreviated form of that as well.
The virus uses Visual Basic to infect Windows systems and then, on systems with Outlook, mails itself out to the entire address book. Its ability to mail itself out to a large number of Internet users classifies the virus as a worm.
On Tuesday, the self-proclaimed author of the virus, calling himself OnTheFly, posted a statement to a hastily-constructed Tripod Web site.
"I didn't do it for fun," he stated on the posting dated Feb. 13. "I never wanted to harm the people who opened the attachment. But after all: it's their own fault they got infected."
The first line of the Anna virus contained the line "Vbs.OnTheFly Created By OnTheFly," but because of Kournikova's popularity, most victims referred to the virus as AnnaKournikova.
The statement confirmed the OnTheFly used the readily available virus writing tool, Vbs Worm Generator, to create the Anna Kournikova virus, but exonerated the tool's author of aiding him.
[K]Alamar, whose mother proudly stated to ZDNet Latin America "knows a lot about computers," feels he's been an involuntary accomplice in the Anna epidemic. Despite his newly acquired fame, Kalamar wishes to remain anonymous. When asked why he removed the program from the website, he simply said, "I don't want anybody talking about me."
Peter Kruse, a virus analyst, said the same tool had been distributed together with other infected applications from an Argentine site.
At least one aspect of [K]Alamar's programming survives in all the children created by his program: The date January 26, the teen's birthday. In the AnnaKournikova virus, January 26 is the day that the virus will redirect people to a retail Web site in the Netherlands.
Despite the fact that the virus did not cause nearly as much damage as its predecessor, the LoveLetter virus, AnnaKournikova did cause quite a stir in Argentina.
The news that the virus had been created from a locally developed tool taken from a Visual Basic application, was made public by Trend Micro. "In the program's source code one can see that it was developed in Argentina," Hernán Armbruster, operations manager for Trend's Latin America offices, said on Wednesday.
The following text can be found in the program itself:
Vbs Worms Generator 1.50b By [K]Alamar
Buenos Aires - Argentina - 4/Aug/2000
Virii Argentina - The biggest virii resource in the net.
Trend Micro said that little damage had been done to the country's computers. "Though there have been many virus alerts in e-mail, no system was seriously infected," said Armbruster.
Roberto Heker, Director of NextVision, a Buenos Aires-based company specializing in computer security, agreed. "In Argentina, the only damage was causing a backlog of e-mails and, in some cases, the need to carry out an emergency measure with the new drivers in order to upgrade the virus detection and removal programs," he said.