Feeds

Homepage spreading faster than Kournikova worm

Epidemic exposes AV software flaws

  • alert
  • submit to reddit

Build a business case: developing custom apps

The spread of the Homepage Internet worm has exposed the deficiencies of the way many firms set up their virus protection, and raised questions about the effectiveness of antivirus software.

Homepage is an Internet worm written using the Visual Basic Script Worm Generator virus writing kit, which also spawned the Anna Kournikova worm, and if anything it is spreading even more rapidly. A number of firms have been forced to take down their Exchange servers in order to contain its outbreak.

After it was unleashed onto the Internet, probably late last night, the virus infected a number of organisations in Australia and Asia - including the Australian Parliament - before vendors of many antivirus firms had a chance to update their packages in the early hours of this morning.

Alex Shipp, an antivirus technologist at managed services firm MessageLabs, which scans its customers email for viruses, said "most AV software has failed to detect the virus heuristically [automatically]" and this was one reason why the outbreak has been so severe.

MessageLabs uses antivirus packages from Network Associates, F-Secure and Cybersoft. It also monitors the performance of antivirus software from other vendors and found that packages from Symantec and Trend Micro, which claim to provide heuristic protection, didn't automatically picked up the Homepage worm. According to MessageLabs' Shipp only Network Associates software picked up the virus automatically.

A source at IT firm Agilent said that Trend Micro's automatic update service didn't update its virus protection, and it had to update files downloaded manually via FTP.

"Our email monitoring tools showed that over 400,000 messages were sent internally as a result of infection," our source at Agilent told us.

Homepage arrives in an email that appears to be harmless home page recommendation but in reality directs victims who open an infected attachment to one of four porn web sites. It emails a copy of itself to everyone in a victims Outlook address book.

Since midnight Messagelabs has intercepted more than 21,000 copies of the virus and it estimates that one in 50 emails contain the virus. This suggests the virus is affecting the performance of the Internet even for those users who have escaped infection. ®

Related Story

Homepage Net worm spreading like wildfire

Next gen security for virtualised datacentres

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Scale data protection with your virtual environment
To scale at the rate of virtualization growth, data protection solutions need to adopt new capabilities and simplify current features.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?