Advertisement
Promo

Security management Toolkit

Shakira worm rocks the Net

Robert Vamosi CNET News

Published: 06 Jun 2002 17:25 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

There's nothing new about the latest Internet worm, Shakira (vbs.vbswg-aq@mm). An email message allegedly containing photos of the Grammy-winning Colombian rock star will instead launch a flood of infected copies on other users of Microsoft Outlook or IRC. Like the Anna Kournikova worm, Shakira is the product of a VBS worm-generator kit. Most antivirus software vendors already have protection available to block it, hence the official name: Vbswg-aq. When the Shakira worm invades your PC, it displays this message: "You have been infected by the ShakiraPics Worm." Because Shakira is not destructive and just sends email, it currently ranks a 4/10 on the ZDNet Virus Meter.

How it works
The Shakira worm arrives as email with the subject line "Sharkira pics." The body text is "Hi :i have sent the photos via attachment have funn..." The attached file is shakirapics.jpg.vbs.

If you open the attached file, the worm copies itself into the Windows folder as shakirapics.jpg.vbs, then makes a few changes to the Registry:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Registry = wscript.exe \ShakiraPics.jpg.vbs

In order to keep from spreading twice, Shakira also sets the following Registry keys:

HKCU\software\ShakiraPics\mailed=1

and

HKCU\software\ShakiraPics\Mirqued=1

Prevention
Users of Microsoft Outlook 2002 and users of Outlook 2000 who have installed the Security Update should be safe from the attached VBS file in Shakira. Users who have not upgraded to Outlook 2002 or who have not installed the Security Update for Outlook 2000 should do so. In general, do not open attached files in email without first saving them to hard disk and scanning them with updated antivirus software. You may also disable the Windows Scripting Host on your computer to further thwart Shakira. Contact your antivirus vendor to obtain the antivirus signature files that include Shakira.

Removal
A few antivirus software companies have updated their signature files to include this worm. This will stop the infection upon contact and in some cases will remove an active infection from your system. For more information, see Central Command, F-Secure, McAfee, Norman, Sophos, Symantec or Trend Micro.

For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Viruses and Hacking News Section.

Have your say instantly, and see what others have said. Go to the Security forum.

Let the editors know what you think in the Mailroom.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
13 out of 21 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security management


Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Official Organizations Losing Data

How does this article from earlier today make you feel? How many more government, health service, or military officials are going to lose pen drives, DVDs, USB hard disks and even entire... More

2 comments

Twitter hack was DNS redirect

Twitter has said an attack on Thursday which took the site offline for many users was the result of a DNS redirect. A group calling itself the Iranian Cyber Army redirected users... More

1 comment

McKinnon lawyers seek judicial review

Lawyers seeking a judicial review for Nasa hacker Gary McKinnon lodged fresh evidence of his psychiatric state at the High Court on Thursday. Karen Todner, McKinnon's solicitor,... More

1 comment

Win a Teufel Cinebar 50 system

Win a Teufel Cinebar 50 system

What is ZDNet UK's usual tagline?

Competition closes - 14 Jan 2010


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters