Feeds

Homepage spreading faster than Kournikova worm

Epidemic exposes AV software flaws

  • alert
  • submit to reddit

Combat fraud and increase customer satisfaction

The spread of the Homepage Internet worm has exposed the deficiencies of the way many firms set up their virus protection, and raised questions about the effectiveness of antivirus software.

Homepage is an Internet worm written using the Visual Basic Script Worm Generator virus writing kit, which also spawned the Anna Kournikova worm, and if anything it is spreading even more rapidly. A number of firms have been forced to take down their Exchange servers in order to contain its outbreak.

After it was unleashed onto the Internet, probably late last night, the virus infected a number of organisations in Australia and Asia - including the Australian Parliament - before vendors of many antivirus firms had a chance to update their packages in the early hours of this morning.

Alex Shipp, an antivirus technologist at managed services firm MessageLabs, which scans its customers email for viruses, said "most AV software has failed to detect the virus heuristically [automatically]" and this was one reason why the outbreak has been so severe.

MessageLabs uses antivirus packages from Network Associates, F-Secure and Cybersoft. It also monitors the performance of antivirus software from other vendors and found that packages from Symantec and Trend Micro, which claim to provide heuristic protection, didn't automatically picked up the Homepage worm. According to MessageLabs' Shipp only Network Associates software picked up the virus automatically.

A source at IT firm Agilent said that Trend Micro's automatic update service didn't update its virus protection, and it had to update files downloaded manually via FTP.

"Our email monitoring tools showed that over 400,000 messages were sent internally as a result of infection," our source at Agilent told us.

Homepage arrives in an email that appears to be harmless home page recommendation but in reality directs victims who open an infected attachment to one of four porn web sites. It emails a copy of itself to everyone in a victims Outlook address book.

Since midnight Messagelabs has intercepted more than 21,000 copies of the virus and it estimates that one in 50 emails contain the virus. This suggests the virus is affecting the performance of the Internet even for those users who have escaped infection. ®

Related Story

Homepage Net worm spreading like wildfire

SANS - Survey on application security programs

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.