F-Secure's partner tracked down the writer of Kornikova virus

Espoo, Finland - February 14, 2001

F-Secure Corporation [HEX: FSC], a leading provider of security for mobile, distributed enterprises, today announced that their partner in Sweden, Atremo AB, was able to track and discover the writer of Kournikova virus. Atremo handed over the name to FBI who found the information accurate and well-researched. Atremo and F-Secure decided to inform public about this to raise awarness of this irresponsible conduct.

Atremo was able to track the writer through internet's newsgroups, webforums and home pages. The writer had been using several aliases and e-mail addresses. The writer had also been using a very unusual greeting, which made it easy for Atremo to follow his path.

The writer cited IDC research in claiming that "Surfing people haven't learned anything from the I Love You virus."

"While this may be true," responded Risto Siilasmaa, President and CEO at F-Secure, "you don't prove someone is ill-protected by attacking them. Sites around the world were impacted by a high volume of email, some of them receiving thousands of bogus messages. As a result of this irresponsible conduct, many email servers were shut down, leading to a decrease in productivity, a slowdown in customer service, and other unknown impacts."

The writer tried to excuse the gambit by claiming "I never intended to harm the site [where the virus was hosted]" and "I never wanted to harm the people.... But after all: it's their own fault they got infected with the AnnaKournikova virus, OnTheFly virus or whatever they call it."

While decrying this attitude as reckless, Risto Siilasmaa said the results do point out that many people have ignored dire warnings of the past. For example, many have not installed proven, readily available anti-virus software or disabled Visual Basic Scripting, the simplest, most straightforward way to prevent contagion.

"The danger posed by viruses is in direct proportion to the complacency that seems so prevalent today," he added.

At the end of last year, F-Secure authored a list of recommendations for computer users to avoid viruses and worms, which F-Secure has posted to the company's website, at: http://www.f-secure.com/news/2000/news_2000112100.shtml . The top five points are:

1. Install a good anti-virus software program and keep it updated on a daily basis, either automatically (as with F-Secure) or manually.

2. Most of the worms that use e-mail to propagate use Microsoft Outlook or Outlook Express to spread. If you need to use Outlook, download and install the latest Outlook security patch from Microsoft. In general, keep your operating system and applications up-to-date, and apply the latest patches when they become available. Be sure to get the updates directly from the vendor.

3. Configure Windows to always show file extensions. In Windows 2000, this is done through Explorer, via the Tools menu: Tools/Folder Options/View - and uncheck "Hide file extensions for known file types". This makes it more difficult to for a harmful file (such as an EXE or VBS) to masquerade as a harmless file (such as TXT or JPG).

4. Never open e-mail attachments with the file extensions VBS, SHS or PIF. These extensions are almost never used in normal attachments, but they are frequently used by viruses and worms.

5. Disable visual basic scripting - most people do not need it, and it is the means by which many worms and viruses enter the system. A link with instructions to Disable VBScripting is available on F-Secure's website, http://www.f-secure.com/virus-info/ .