Building Anna Kournikova: An Analysis of the VBSWG Worm Kit

by Markus Schmall
Sept. 23, 2017 0 comments Symantec annakournikova worm

The Homepage and the Anna Kournikova worms are two high-profile examples of the VBS/VBSWG@mm family of visual basic script worms. These worms are generated by the VBSWG kit, one of the many virus-generating kits that are easily available on the Internet. These kits make writing a virus a simple, straightforward and unskilled task. Given the prominence of this kit, and its related worms, it would be useful for security and virus professionals to better understand it. With this in mind, this article will analyze the VBSWG kit itself (version 1.50b) and will discuss its functionality in detail. This discussion will also explain the attack points by which heuristic engines can detect all possible generations of the VBS/VBSWG@mm worms.