Britney No Match for Kournikova
February 28, 2002
Poor Britney. It seems there's not much interest among users for viewing pictures of her. Antivirus vendors have rated this virus a low risk, unlike the heavy hitting Anna Kournikova virus (aka VBSWG and VBS.SST) which infected thousands of users within hours of discovery. That virus also masqueraded as pictures and during its initial spread, infected more rapdily than had the LoveLetter virus which was one of the most widespread threats to affect users.
The hapless Britney virus spreads via email, typically as Britney.chm. The email has the subject line "Re: Britney Pics" and message text that reads "Take a look at these pics ..."
If the .chm file is opened, a window is displayed instructing users to "Enable ActiveX To See Britny" and an Internet Explorer warning message regarding ActiveX controls is also displayed. Choosing "yes" infects the system, in which case it searches local drives for copies of SCRIPT.INI and overwrites it with instructions to infect users who are on the same IRC (Internet Relay Chat) channel. A copy of the worm is also dropped to the C:\Windows directory. The worm also mass-mails itself via the Outlook Address book and then sets the value "1" in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\chm. Since the worm always checks the value first, the mass-mailing occurs one time only per infected system.
This is the second "Britney virus" to fail to gain much attention among users. The first, I-Worm.Britney.b, a.k.a.
Totilix.b, masqueraded as a "screen saver about Britney Spears". Discovered in Feburary 2001, this malicious worm has also been a no-show on the list of in-the-wild threats.
Poor Britney. It seems there's not much interest among users for viewing pictures of her. Antivirus vendors have rated this virus a low risk, unlike the heavy hitting Anna Kournikova virus (aka VBSWG and VBS.SST) which infected thousands of users within hours of discovery. That virus also masqueraded as pictures and during its initial spread, infected more rapdily than had the LoveLetter virus which was one of the most widespread threats to affect users.
The hapless Britney virus spreads via email, typically as Britney.chm. The email has the subject line "Re: Britney Pics" and message text that reads "Take a look at these pics ..."
If the .chm file is opened, a window is displayed instructing users to "Enable ActiveX To See Britny" and an Internet Explorer warning message regarding ActiveX controls is also displayed. Choosing "yes" infects the system, in which case it searches local drives for copies of SCRIPT.INI and overwrites it with instructions to infect users who are on the same IRC (Internet Relay Chat) channel. A copy of the worm is also dropped to the C:\Windows directory. The worm also mass-mails itself via the Outlook Address book and then sets the value "1" in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\chm. Since the worm always checks the value first, the mass-mailing occurs one time only per infected system.
This is the second "Britney virus" to fail to gain much attention among users. The first, I-Worm.Britney.b, a.k.a.
Totilix.b, masqueraded as a "screen saver about Britney Spears". Discovered in Feburary 2001, this malicious worm has also been a no-show on the list of in-the-wild threats.
Source...