- February 12, 2001
- February 13, 2007 11:46:14 AM
Also Known As:
- VBS.Vbswg.gen, Anna Kournikova, VBS/VBSWG.J@mm [F-Prot], VBS_KALAMAR.A [Trend], VBS/SST@MM [McAfee], VBS.OnTheFly [MKS], VBS.VBSWG-based [Kaspersky]
- Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
VBS.SST@mm is a VBS email worm that has been encoded using a virus creation kit. This worm arrives as an attachment named AnnaKournikova.jpg.vbs. When executed, the worm emails itself to everyone in your Microsoft Outlook address book. On January 26, the worm will attempt to direct your Web browser to an Internet address in The Netherlands, from where the worm appears to have originated.
The following information is for network administrators of corporate
versions of Norton AntiVirus.
For corporate users, Symantec Technical Support recommends the following
- Make sure virus definitions are most current.
- Delete the email. Do not open the attachment.
- Disable Windows Scripting to prevent VBS files, such as AnnaKournikova.JPEG.VBS, from executing. Filter attachments with a VBS extension.
- Microsoft Exchange 2000 in VAPI mode can strip attachments by extension. Contact Microsoft for further information.
- Microsoft Exchange Server also provides the ExMerge utility, which can be used to purge the Information Store of messages with a specified subject or attachment name. This can be very useful during a virus crisis. For more information, please see the following Microsoft Articles:
- Outlook 2000 with the latest security update will not execute VBS attachments. Contact Microsoft for further information.
- Norton AntiVirus for Microsoft Exchange (NAVMSE) can block attachments by extension when in VAPI mode. Make sure NAVMSE is at a current build. The following Symantec's Knowledge Base documents may be helpful:
- Norton AntiVirus for Email Gateways 2.0 installed, attachments with VBS extensions can be blocked. See the Administrator's Guide for details. The following Symantec Knowledge Base document may also be helpful:
- Norton AntiVirus for Firewalls 1.5 installed, attachments with VBS extensions can sometimes be blocked. See the Administrator's Guide for details. There are unknown environmental factors that prevent some installations from blocking VBS files. If it works at your site, it will work reliably. If VBS blocking does not work at your site, it will not work at all.
Antivirus Protection Dates
Initial Rapid Release version February 12, 2001
Latest Rapid Release version September 28, 2010 revision 054
Initial Daily Certified version February 12, 2001
Latest Daily Certified version September 28, 2010 revision 036
Initial Weekly Certified release date February 12, 2001
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.
Wild Level: Low
Number of Infections: More than 1000
Number of Sites: More than 10
Geographical Distribution: High
Threat Containment: Easy
Note: On May 14, 2015, modifications will be made to the threat write-ups to streamline the content. The Threat Assessment section will no longer be published as this section is no longer relevant to today's threat landscape. The Risk Level will continue to be the main threat risk assessment indicator.
Writeup By: Eric Chien