14 DAY TRIAL // Ten years ago the Anna Kournikova email worm broke out, infecting millions of computers around the world and teaching everyone a hard lesson in social engineering.
The malware was created by a 20-year old Dutch programmer named Jan de Wit, who used a virus generator downloaded from the Internet.
Written in Visual Basic, the worm was neither sophisticated, nor destructive. It was dubbed "Anna Kournikova" because it spread via an email attachment that posed as a picture of the beautiful Russian tennis player.
The infector was called AnnaKournikova.jpg.vbs and once run, it sent the malicious email to all contacts in the victim's Outlook address book.
So why did a simple worm created with a tool that was freely available on the Internet had such a great success and others didn't? Because de Wit used a really good lure.
As Graham Cluley, senior technology consultant at Sophos, points out, Anna Kournikova was one of the most popular celebrities at the time and by the end of 2001 she became the eight most popular woman searched for on Google.
"[...] Anna Kournikova was a very good choice for the worm's author. And very bad news for the millions of people around the world who had their computers infected by the attack," Mr. Cluley notes.
Unfortunately, the type of social engineering employed by this worm caught on and today it's pretty much used everywhere, from social networking scams, to spam campaigns and black hat SEO attacks.
It's almost a rule that when an event attracts a lot of interest from the general public, cyber criminals will be there to take advantage of it.
"The popularity of shortened URLs—which, as a byproduct, disguise where link-clickers are actually being taken—has only made the problem more challenging," notes Symantec researcher Kevin Haley.