Feeds

Homepage spreading faster than Kournikova worm

Epidemic exposes AV software flaws

  • alert
  • submit to reddit

Website security in corporate America

The spread of the Homepage Internet worm has exposed the deficiencies of the way many firms set up their virus protection, and raised questions about the effectiveness of antivirus software.

Homepage is an Internet worm written using the Visual Basic Script Worm Generator virus writing kit, which also spawned the Anna Kournikova worm, and if anything it is spreading even more rapidly. A number of firms have been forced to take down their Exchange servers in order to contain its outbreak.

After it was unleashed onto the Internet, probably late last night, the virus infected a number of organisations in Australia and Asia - including the Australian Parliament - before vendors of many antivirus firms had a chance to update their packages in the early hours of this morning.

Alex Shipp, an antivirus technologist at managed services firm MessageLabs, which scans its customers email for viruses, said "most AV software has failed to detect the virus heuristically [automatically]" and this was one reason why the outbreak has been so severe.

MessageLabs uses antivirus packages from Network Associates, F-Secure and Cybersoft. It also monitors the performance of antivirus software from other vendors and found that packages from Symantec and Trend Micro, which claim to provide heuristic protection, didn't automatically picked up the Homepage worm. According to MessageLabs' Shipp only Network Associates software picked up the virus automatically.

A source at IT firm Agilent said that Trend Micro's automatic update service didn't update its virus protection, and it had to update files downloaded manually via FTP.

"Our email monitoring tools showed that over 400,000 messages were sent internally as a result of infection," our source at Agilent told us.

Homepage arrives in an email that appears to be harmless home page recommendation but in reality directs victims who open an infected attachment to one of four porn web sites. It emails a copy of itself to everyone in a victims Outlook address book.

Since midnight Messagelabs has intercepted more than 21,000 copies of the virus and it estimates that one in 50 emails contain the virus. This suggests the virus is affecting the performance of the Internet even for those users who have escaped infection. ®

Related Story

Homepage Net worm spreading like wildfire

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Blood-crazed Microsoft axes Trustworthy Computing Group
Security be not a dirty word, me Satya. But crevice, bigod...
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Freenode IRC users told to change passwords after securo-breach
Miscreants probably got in, you guys know the drill by now
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.