Agencies inoculated against Anna

FedCIRC

Painful past experience seems to have helped federal agencies react faster and better to the latest e-mail virus to make the rounds, but there are still gaps in agencies' awareness, officials said.

As a whole, federal agencies seemed much better prepared to react to the "Anna Kournikova" virus that started spreading through the United States Monday morning than they had been with the "ILOVEYOU" virus last May. At that time, the "love bug" hit almost every federal agency, overloaded many e-mail servers and caused some to shut down for days.

With the new virus, the Federal Computer Incident Response Capability saw only a few agencies reporting infections. And those that were infected reacted quickly and killed the virus before it caused any disruptions, said David Jarrell, director of FedCIRC, the government's central organization for cyberattack response.

"I think we had a much better response. We didn't have any reports of anyone getting overwhelmed by this," Jarrell said. "The government saw considerably less impact and was better prepared to handle it."

The new virus employs the same method as the love bug, attacking the Microsoft Corp. Outlook and Outlook Express e-mail applications. It is a VBScript attachment that, when executed, infects the system and then e-mails itself to every person in that user's address book.

The e-mail's subject reads "Here you have, ;0)" and the message reads "Hi: Check This!" The attachment is "AnnaKournikova.jpg.vbs."

However, the virus does not mutate as quickly or as often as the love bug did, and organizations now know what to look for, making it relatively easy to block, said Liam Yu, product manager in Network Associates Inc.'s Anti-Virus Emergency Response Team research lab.

"People are prepared not only to react, but they also know what to do," Yu said.

Antivirus companies now have updated signature files available on their Web sites for users to download so their software can recognize the virus. After the love bug, Microsoft also made available a security patch on its Web site that will enable administrators to block executable attachments.