UBB.classic™ 6.7.2
By Will Knight
ZDNet (UK)
May 9, 2001 5:56 AM PT
The worm, known to virus experts as VBS.VBSWG2, and dubbed Homepage, has
been reported at scores of companies, according to antivirus vendors who say
it is likely to hit more firms today.
According to experts, the worm will not cause damage to the computer system
that receives the initial e-mail, but could bring down corporate mail
servers by sending out thousands of copies of itself. (Preventing the worm.)
Experts also say that it is moving at a formidable rate. MessageLabs, a UK
company that tracks the spread of computer viruses and worms, says that
since yesterday evening it has seen more than 8000 copies of the Homepage
pass through its servers.
Similarities to Kournikova
"Early propogation reports indicate that this virus is spreading faster than
many of the biggest viruses we saw last year", says Mikko Hypponen of
Finnish antivirus firm F-Secure. "It's seems to be spreading faster like
Anna Kournikova".
Antivirus vendor Symantec said that last night more than 30 companies
reported receiving the worm. UK-based antivirus company Sohpos reported that
40 of its corporate customers have been hit so far and F-Secure said it has
received over 30 reports.
The e-mail spreading the worm claims to contain a page that is guaranteed to
become the next Internet craze. It has the subject line "Homepage", and the
message, "Hi! You've got to see this page. It's really cool ;o)".
The attached file--homepage.html.vbs--is not an html document, but a
malicious Visual Basic script. Once executed, the script will forward the
same e-mail on to all the people in a victim's address book and
automatically open one of four pornographic Web pages on the user's
computer.
According to experts, the malicious e-mail attachment uses similar code to
the Kournikova worm, which spread quickly around the world in February by
encouraging victims to click on a supposed picture of the Russian tennis
star Anna Kournikova.
Graham Cluley, head of research at Sophos, said the new worm illustrates
that users need to be alert to the danger of e-mail attachments. "It's not
even a particularly clever bit of social engineering," he says. "It just
says 'this is cool'."
What is most disturbing about the success of the Homepage worm, according to
Cluley, is that many companies are still not blocking Visual Basic
attachments from entering the company--they could easily do so with basic
filtering technology.
Eric Chien, chief researcher at Symantec's Antivirus Research Centre (SARC),
predicts that Homepage will be seen at more companies today. "The average
corporate customer will probably see it on their mail server," he said.
------------------
Ken Henry
Henry & Henry Signs
London, Ontario Canada
(519) 439-1881
e-mail kjmlhenry@home.
Some days you get to be the dog....other days, you get to be the fire hydrant.
------------------
Wright Signs
Wyandotte, Michigan
Since 1978
www.wrightsigns.bigstep.com
All change isn't progress, and all progress isn't forward.
Go to Control Panel>Add/Remove Programs>Windows Setup>Accessories then uncheck the Windows Scripting Host.
Unless you are writing your own Visual Basic programs, you do not need this installed.
Disable it and you lose the ability to execute those VBS worms.. forever.
------------------
Mike Pipes
Digital Illusion Custom Graphics
Lake Havasu City, AZ
http://www.stickerpimp.com