Skip to main content

An Outbreak of Anthrax on the Internet?

October 17, 2001

Is this just the beginning? Kaspersky Labs, an international data-security software developer, reports that two new Internet worms are making the rounds, trying to spread under the guise of important information about the anthrax virus. It is obvious that malefactor(s) have callously taken advantage...

Is this just the beginning?

Kaspersky Lab, an international data-security software developer, reports that two new Internet worms are making the rounds, trying to spread under the guise of important information about the anthrax virus. It is obvious that malefactor(s) have callously taken advantage of the recent events surrounding this dangerous biological virus.

Detailed analysis of the worms' code has revealed that fatal bugs keep both worms from effectively propagating. However, it is highly possible that similar worms, with a more capable malicious program posing as the aforementioned subject, could appear in the future. Due to this fact, Kaspersky Lab recommends that users not open any attached files in which "anthrax" (or, "antrax" in Spanish) is mentioned.

These worms were created utilizing the virus generator "VBSWG," and are simply another modification of the "Lee" family of script-viruses. The infamous malicious program "Anna Kournikova" also was written with the help of VBSWG.

Both worms can be delivered to computers via IRC channels (possibly under the client names mIRC or pIRCh). In all cases, the infected files have the names ANTRAXINFO.VBS or ANTRAX.JPG.VBS.

The received e-mail appears as follows:

E-mail Subject:

Informacion Sobre El Antrax

or

Antrax Info

E-mail Body:

Como ahorita esta muy de moda hablar sobre
el antrax aqui te mando la foto de un enfermo
terminal,para que veas como se ponen

or

si no sabes que es el antrax o cuales son sus efectos aqui te mando una foto para que
veas los efectos que tiene
Nota:la foto esta un poco fuerte.

Upon start-up of an infected file, the worms become system resident, and attempt to send copies of themselves to all recipients in the victim's Microsoft Outlook address book. The worms destroy all files on a computer with the VBS and VBE extensions, writing their copies here instead.

Kaspersky Anti-Virus efficiently and effectively protects against this malicious code thanks to the built-in heuristic analyzer, not requiring any additional anti-virus database updates.

An Outbreak of Anthrax on the Internet?

Is this just the beginning? Kaspersky Labs, an international data-security software developer, reports that two new Internet worms are making the rounds, trying to spread under the guise of important information about the anthrax virus. It is obvious that malefactor(s) have callously taken advantage...
Kaspersky logo

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Related Articles Press Releases