FBI probes virus outbreak after "Anna" arrest

"We have opened an investigation and are working on the case," said Deborah Weierman, spokeswoman for the Washington D.C. bureau of the FBI. At this point, the agency is collecting evidence from affected companies, Weierman said.

At 8:40 a.m. local time, a 20-year-old man claiming to be the author of the virus turned himself into authorities in the town of Sneek located in the northern province of Friesland in the Netherlands, according to a police statement.

"By the time he understood what the virus did, he had conferred with his parents and decided to turn himself into the police," read the Dutch statement posted to the Web by the Friesland police.

Apparently, the author created the virus in a matter of hours. "The young man had downloaded a program on Sunday, Feb. 11 from the Internet and later the same day, around 3:00 p.m., set the virus loose in a newsgroup," the police statement said.

The Anna Kournikova virus--also called VBS_KALAMAR, VBS/SST and VBS/OnTheFly--spread worldwide Monday.

The Anna virus poses as a photo of 19-year-old Russian tennis player Anna Kournikova attached to an e-mail. The attachment appears as AnnaKournikova.jpg.vbs or as an abbreviated version of that name.

The virus uses Visual Basic to infect Windows systems and then, on systems with Microsoft Outlook, mails itself out to the entire address book. The virus does not affect MacOS, Linux or Unix systems.

The virus' ability to mail itself out to a large number of Internet users classifies it as a worm.

Experts claimed that the virus spread nearly as widely as the Melissa virus that hit the Net almost two years ago. The Computer Emergency Response Team (CERT) Coordination Center at Carnegie Mellon University said that more than 100 sites reported encountering the virus on Monday.

Mail service provider Mail.com reported that almost 53,000 copies were stopped at its gateway in a 24-hour period starting Monday, while British-based rival MessageLabs confirmed another 18,000 copies of the virus had been stopped so far this week.

Melissa kicked off a new age of fast-spreading, hard-hitting worms in March 1999, when the macro virus flooded e-mail systems by using commands built into Microsoft Word to control e-mail.

Last May, a Visual Basic script virus masquerading as a love letter spread even more widely after it was released from the Philippines. A 22-year-old computer-school dropout, Onel de Guzman, has since been charged for crimes related to the release of the so-called Love Letter virus. Due to the lack of laws regarding computer crime in the Philippines, de Guzman is facing charges of credit card fraud.

Like Melissa, the Anna virus does not damage the systems that it has infected.

On Tuesday, the self-proclaimed author of the virus, calling himself OnTheFly, posted a statement to a hastily constructed Tripod Web site.

"I didn't do it for fun," he stated on the posting dated Feb. 13. "I never wanted to harm the people who opened the attachment. But after all: It's their own fault they got infected."

The first line of the Anna virus contained the line "Vbs.OnTheFly Created By OnTheFly," but because of Kournikova's popularity, most victims referred to the virus as Anna Kournikova.

The statement confirmed that OnTheFly used a readily available virus writing tool, known as the Vbs Worm Generator, to create the virus, but exonerated the tool's author of aiding him.

In his online admission, OnTheFly said that a recent study by IDC concluding that surfers had not learned anything from recent virus attacks like LoveLetter gave him the idea to write the virus.

"I think IDC is right," he wrote. "I also think that you agree with me, according to the rate of spreading."

Meanwhile, a source at Excite@Home acknowledged on Tuesday that it had identified and collected data on a Dutch subscriber who appears to be OnTheFly. A previous virus, known as Iwa, had been posted to the alt.comp.virus.source.code newsgroup using @Home's network in the Netherlands.

CNET.com's Hunter Hoffman contributed to this report.