New 'Homepage' worm rated X

Summary:Spreading faster than the Kournikova? This latest worm will forward an e-mail to all the people in a victim's address book and open one of four pornographic Web pages.

The worm, known to virus experts as VBS.VBSWG2, and dubbed Homepage, has been reported at scores of companies, according to antivirus vendors who say it is likely to hit more firms today.

According to experts, the worm will not cause damage to the computer system that receives the initial e-mail, but could bring down corporate mail servers by sending out thousands of copies of itself. (Preventing the worm.)

Experts also say that it is moving at a formidable rate. MessageLabs, a UK company that tracks the spread of computer viruses and worms, says that since yesterday evening it has seen more than 8000 copies of the Homepage pass through its servers.

Similarities to Kournikova
"Early propogation reports indicate that this virus is spreading faster than many of the biggest viruses we saw last year", says Mikko Hypponen of Finnish antivirus firm F-Secure. "It's seems to be spreading faster like Anna Kournikova".

Antivirus vendor Symantec said that last night more than 30 companies reported receiving the worm. UK-based antivirus company Sohpos reported that 40 of its corporate customers have been hit so far and F-Secure said it has received over 30 reports.

The e-mail spreading the worm claims to contain a page that is guaranteed to become the next Internet craze. It has the subject line "Homepage", and the message, "Hi! You've got to see this page. It's really cool ;o)".

The attached file--homepage.html.vbs--is not an html document, but a malicious Visual Basic script. Once executed, the script will forward the same e-mail on to all the people in a victim's address book and automatically open one of four pornographic Web pages on the user's computer.

According to experts, the malicious e-mail attachment uses similar code to the Kournikova worm, which spread quickly around the world in February by encouraging victims to click on a supposed picture of the Russian tennis star Anna Kournikova.

Graham Cluley, head of research at Sophos, said the new worm illustrates that users need to be alert to the danger of e-mail attachments. "It's not even a particularly clever bit of social engineering," he says. "It just says 'this is cool'."

What is most disturbing about the success of the Homepage worm, according to Cluley, is that many companies are still not blocking Visual Basic attachments from entering the company--they could easily do so with basic filtering technology.

Eric Chien, chief researcher at Symantec's Antivirus Research Centre (SARC), predicts that Homepage will be seen at more companies today. "The average corporate customer will probably see it on their mail server," he said.

Topics: Malware, Security, Servers, Symantec

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.