An Outbreak of Anthrax on the Internet?

16 Oct 2001
Virus News

Is this just the beginning?

Kaspersky Lab, an international data-security software developer, reports that two new Internet worms are making the rounds, trying to spread under the guise of important information about the anthrax virus. It is obvious that malefactor(s) have callously taken advantage of the recent events surrounding this dangerous biological virus.

Detailed analysis of the worms' code has revealed that fatal bugs keep both worms from effectively propagating. However, it is highly possible that similar worms, with a more capable malicious program posing as the aforementioned subject, could appear in the future. Due to this fact, Kaspersky Lab recommends that users not open any attached files in which "anthrax" (or, "antrax" in Spanish) is mentioned.

These worms were created utilizing the virus generator "VBSWG," and are simply another modification of the "Lee" family of script-viruses. The infamous malicious program "Anna Kournikova" also was written with the help of VBSWG.

Both worms can be delivered to computers via IRC channels (possibly under the client names mIRC or pIRCh). In all cases, the infected files have the names ANTRAXINFO.VBS or ANTRAX.JPG.VBS.

The received e-mail appears as follows:

E-mail Subject:

Informacion Sobre El Antrax

or

Antrax Info

E-mail Body:

Como ahorita esta muy de moda hablar sobre
el antrax aqui te mando la foto de un enfermo
terminal,para que veas como se ponen

or

si no sabes que es el antrax o cuales son sus efectos aqui te mando una foto para que
veas los efectos que tiene
Nota:la foto esta un poco fuerte.

Upon start-up of an infected file, the worms become system resident, and attempt to send copies of themselves to all recipients in the victim's Microsoft Outlook address book. The worms destroy all files on a computer with the VBS and VBE extensions, writing their copies here instead.

Kaspersky Anti-Virus efficiently and effectively protects against this malicious code thanks to the built-in heuristic analyzer, not requiring any additional anti-virus database updates.