Feeds

Homepage spreading faster than Kournikova worm

Epidemic exposes AV software flaws

  • alert
  • submit to reddit

SANS - Survey on application security programs

The spread of the Homepage Internet worm has exposed the deficiencies of the way many firms set up their virus protection, and raised questions about the effectiveness of antivirus software.

Homepage is an Internet worm written using the Visual Basic Script Worm Generator virus writing kit, which also spawned the Anna Kournikova worm, and if anything it is spreading even more rapidly. A number of firms have been forced to take down their Exchange servers in order to contain its outbreak.

After it was unleashed onto the Internet, probably late last night, the virus infected a number of organisations in Australia and Asia - including the Australian Parliament - before vendors of many antivirus firms had a chance to update their packages in the early hours of this morning.

Alex Shipp, an antivirus technologist at managed services firm MessageLabs, which scans its customers email for viruses, said "most AV software has failed to detect the virus heuristically [automatically]" and this was one reason why the outbreak has been so severe.

MessageLabs uses antivirus packages from Network Associates, F-Secure and Cybersoft. It also monitors the performance of antivirus software from other vendors and found that packages from Symantec and Trend Micro, which claim to provide heuristic protection, didn't automatically picked up the Homepage worm. According to MessageLabs' Shipp only Network Associates software picked up the virus automatically.

A source at IT firm Agilent said that Trend Micro's automatic update service didn't update its virus protection, and it had to update files downloaded manually via FTP.

"Our email monitoring tools showed that over 400,000 messages were sent internally as a result of infection," our source at Agilent told us.

Homepage arrives in an email that appears to be harmless home page recommendation but in reality directs victims who open an infected attachment to one of four porn web sites. It emails a copy of itself to everyone in a victims Outlook address book.

Since midnight Messagelabs has intercepted more than 21,000 copies of the virus and it estimates that one in 50 emails contain the virus. This suggests the virus is affecting the performance of the Internet even for those users who have escaped infection. ®

Related Story

Homepage Net worm spreading like wildfire

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.