UK: Homepage worm spreads quicker than Lovebug

MessageLabs, a UK company that outsources virus tracking technology to stop the spread of computer viruses and worms, said that since yesterday evening it has seen more than 12,000 copies of the Homepage worm in the UK alone.

An email worm that purports to contain a link for the next cult Internet homepage appears to be spreading faster than the Lovebug virus.

LONDON (ZDNet UK)--A new email worm, known to virus experts as VBS.VBSWG2 and dubbed Homepage, is reported to infected scores of companies today, and anti-virus experts say that there may be more infections in the first 24 hours than was seen with the Lovebug virus -- widely regarded as the most profilic virus of all time.

Earlier reports suggested that Homepage was spreading faster than the Kournikova worm, but now anti-virus firms are saying it could take top spot.

According to experts, the worm will not cause damage to the computer system that receives the initial email, but could bring down corporate mail servers by sending out thousands of copies of itself.

The worm is spreading at a formidable rate. MessageLabs, a UK company that outsources virus tracking technology to stop the spread of computer viruses and worms, said that since yesterday evening it has seen more than 12,000 copies of the Homepage worm in the UK alone. A MessageLabs spokeswoman this afternoon said the proportion of emails infected with the worm puts Homepage on par with the most prolific virus of all time, the Love Bug.

"Early propogation reports indicate that this virus is spreading faster than many of the biggest viruses we saw last year," said Mikko Hypponen of Finnish antivirus firm F-Secure this morning. "It seems to be spreading faster as Anna Kournikova".

Antivirus vendor Symantec said that last night more than 30 companies reported receiving the worm. UK-based antivirus company Sohpos reported that 40 of its corporate customers have been hit so far and F-Secure said it has received over 30 reports.

The email spreading the worm claims to contain a page that is guaranteed to become the next Internet craze. It has the subject line "Homepage", and the message, "Hi! You've got to see this page. It's really cool ;o)".

The attached file -- homepage.html.vbs -- is not an html document, but a malicious Visual Basic script. Once executed, the script will forward the same email on to all the people in a victim's address book and automatically open one of four pornographic Web pages on the user's computer.

According to experts, the malicious email attachment uses similar code to the Kournikova worm, which spread quickly around the world in February by encouraging victims to click on a supposed picture of the Russian tennis star Anna Kournikova.

Experts also say that the worm was created using an updated version of the worm-generating toolkit that spawned Kournikova. As yet it is unclear where the worm started, although some anti-virus experts suggest it may originate from Asia.

Graham Cluley, head of research at Sophos, said the new worm illustrates that users need to be alert to the danger of email attachments. "It's not even a particularly clever bit of social engineering," he says. "It just says 'this is cool'."

What is most disturbing about the success of the Homepage worm, according to Cluley, is that many companies are still not blocking Visual Basic attachments from entering the company -- they could easily do so with basic filtering technology.

Eric Chien, chief researcher at Symantec's Antivirus Research Centre (SARC), predicts that Homepage will be seen at more companies today. "The average corporate customer will probably see it on their mail server," he said.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All