First published: 09th May 2001
A new email worm spread around the world and in Hong Kong today. Yui Kee received several reports from end-users and MessageLabs reported that over 100 copies per minute were being stopped by their Virus Control Centre. The earliest reports originated from the Netherlands, but Australia was the most affected country.
VBS/VBSWG-X, also known as Homepage, is an encrypted e-mail worm based on the same worm construction kit as VBS/SST-A - the Anna Kournikova worm.
It spreads by using the Outlook email application, sending messages with the following content:
Subject: Homepage
Body: You've got to see this page! It's really cool ;O)
Attachment: homepage.HTML.vbs
If the attachment is opened, the worm mass-mails itself to every address in every address book the victim has. It then modifies the registry so that it will not mass-mail itself again. Finally, it opens one of four pornographic web pages in the victim's browser.
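The attachment name homepage.HTML.vbs looks like a web page but runs as a script, and a mail gateway can flag that pattern before delivery. The following is an added example, not code from the article or from any vendor it mentions; the extension lists and the function names classify, scan_message and build_sample are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions run by Windows Script Host on double-click (assumed, non-exhaustive).
SCRIPT_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "wsh"}
# Benign-looking extensions used as the decoy in the middle (assumed list).
DECOY_EXTS = {"html", "htm", "txt", "jpg", "gif", "doc"}

def classify(filename):
    """Return 'double-extension', 'script' or None for an attachment name."""
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    parts = filename.strip().rstrip(". ").lower().split(".")
    if len(parts) < 2 or parts[-1] not in SCRIPT_EXTS:
        return None
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "double-extension"
    return "script"

def scan_message(raw):
    """Return (filename, verdict) for every flagged MIME part in a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        verdict = classify(name) if name else None
        if verdict:
            findings.append((name, verdict))
    return findings

def build_sample(filename):
    """Constructed test message using the subject and body quoted in the article."""
    m = EmailMessage()
    m["Subject"] = "Homepage"
    m.set_content("You've got to see this page! It's really cool ;O)")
    m.add_attachment(b"' constructed placeholder, not worm code\r\n",
                     maintype="application", subtype="octet-stream",
                     filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for fn in ("homepage.HTML.vbs", "homepage.html", "update.vbs"):
        print(fn, scan_message(build_sample(fn)))
```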
Mark Sunner, CTO at MessageLabs, commented: "This new Homepage virus is easily spreading as fast as the LoveBug last year. The fact that we are seeing over 100 copies of the virus every minute points to the fact that companies haven't been updating their AV scanners with the fixes which are now available to protect themselves. Once again we would reiterate the need for Internet level virus scanning to protect users from viruses such as these."
Allan Dyer, Chief Consultant at Yui Kee Computing, said: "It is disappointing to see that so many people have forgotten the lessons of Melissa, Loveletter and VBS/SST-A. This really was avoidable."
Users are advised to always practice "Safe Hex"; see Sophos for details.
Further information on VBS/VBSWG-X is available from: