1. /
  2. Security Response/
  3. VBS.SST@mm


Risk Level 2: Low

February 12, 2001
February 13, 2007 11:46:14 AM
Also Known As:
VBS.Vbswg.gen, Anna Kournikova, VBS/VBSWG.J@mm [F-Prot], VBS_KALAMAR.A [Trend], VBS/SST@MM [McAfee], VBS.OnTheFly [MKS], VBS.VBSWG-based [Kaspersky]
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

VBS.SST@mm is a VBS email worm that has been encoded using a virus creation kit. This worm arrives as an attachment named AnnaKournikova.jpg.vbs. When executed, the worm emails itself to everyone in your Microsoft Outlook address book. On January 26, the worm will attempt to direct your Web browser to an Internet address in The Netherlands, from where the worm appears to have originated.

The following information is for network administrators of corporate versions of Norton AntiVirus.

For corporate users, Symantec Technical Support recommends the following
  1. Make sure virus definitions are most current.
  2. Delete the email. Do not open the attachment.
  3. Disable Windows Scripting to prevent VBS files, such as AnnaKournikova.JPEG.VBS, from executing. Filter attachments with a VBS extension.
  4. Outlook 2000 with the latest security update will not execute VBS attachments. Contact Microsoft for further information.
  5. Norton AntiVirus for Microsoft Exchange (NAVMSE) can block attachments by extension when in VAPI mode. Make sure NAVMSE is at a current build. The following Symantec's Knowledge Base documents may be helpful:
  6. Norton AntiVirus for Email Gateways 2.0 installed, attachments with VBS extensions can be blocked. See the Administrator's Guide for details. The following Symantec Knowledge Base document may also be helpful:
  7. Norton AntiVirus for Firewalls 1.5 installed, attachments with VBS extensions can sometimes be blocked. See the Administrator's Guide for details. There are unknown environmental factors that prevent some installations from blocking VBS files. If it works at your site, it will work reliably. If VBS blocking does not work at your site, it will not work at all.

Antivirus Protection Dates

  • Initial Rapid Release version February 12, 2001
  • Latest Rapid Release version September 28, 2010 revision 054
  • Initial Daily Certified version February 12, 2001
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date February 12, 2001
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment


  • Wild Level: Low
  • Number of Infections: More than 1000
  • Number of Sites: More than 10
  • Geographical Distribution: High
  • Threat Containment: Easy
  • Removal: Moderate


  • Damage Level: Low


  • Distribution Level: High
Note: On May 14, 2015, modifications will be made to the threat write-ups to streamline the content. The Threat Assessment section will no longer be published as this section is no longer relevant to today's threat landscape. The Risk Level will continue to be the main threat risk assessment indicator.
Writeup By: Eric Chien

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report