Kaspersky Labs-an international data-security software-development company-as a result of many reports surrounding the detection of and mass infection by the Visual Basic Script worm "Homepage" around the world, reports that within the past few hours that its technical support department has...
Kaspersky Lab-an international data-security software-development company-as a result of many reports surrounding the detection of and mass infection by the Visual Basic Script worm "Homepage" around the world, reports that within the past few hours that its technical support department has received hundreds of reports regarding the worm's penetration of users' computers.
"'Homepage' is simply the latest harmful code using a primitive method of introducing itself, but in no way poses a threat to those strictly adhering to the rules of computer hygiene. Those who have fallen victim are those who, despite the numerous warnings do date, continue to open files with suspicious contents," commented Denis Zenkin, Head of Corporate Communications for Kaspersky Lab.
"Homepage" is written in Visual Basic Script (VBS) and is able to operate on the Windows Scripting Host (in Windows 98 Windows 2000, installed by default); otherwise, the file-carrying worm simply cannot be launched.
The main feature distinguishing "Homepage" is that its code is encrypted so as to avoid detection by the heuristic analyzer.
The worm propagates only via Microsoft Outlook--should a user open an infected attachment--by sending itself as an e-mail attachment to all addresses listed in the infected user's address book. After this, the worm tries to randomly open certain pornographic Web sites using Internet Explorer. The e-mail with the worm has the subject "Homepage" and the attachment "HOMEPAGE.HTML.VBS" and the e-mail appears as follows:
If the entry has the value 1, the worm has propagated; otherwise, the worm sends itself out as an attachment to all addresses listed in the MS Outlook address book of the infected user and then creates the above registry entry with a value 1. This is to avoid sending an infected message to the same computer twice from the same infected computer.
Detection and removal procedures for the VBS worm "Homepage" have been added to the Kaspersky Lab anti-virus database.
For more technical details, visit the Kaspersky Virus Encyclopedia.
Kaspersky Anti-Virus can be purchased in the Kaspersky Lab online store or from a worldwide network of Kaspersky Anti-Virus distributors and resellers.
Download the FREE time-limited trial version of Kaspersky Anti-Virus here.
Subscribe to Kaspersky Lab' FREE information service here.
