A virus known as the Homepage worm has been spreading around the Internet for about a week,
but it now appears that the widespread contamination may finally be slowing. Although
leading anti-virus companies such as McAfee and Symantec have released updates to their
respective software packages, the virus has not been contained as much as many had first
According to the Symantec web site (www.symantec.com), the Homepage worm is being given a
classification of 4. The classification, which is based on a possible of a worst case
scenario of 5, has been given the classification mainly because of the widespread
contamination worldwide. Other anti-virus software companies, who have different
classifications, also have rated the virus as widespread. However, because the virus can
be handled with freely available updates to most popular anti-virus software, the virus
hasn't caused as much damage as was initially expected.
The Homepage worm, a Visual Basic Script (VBS), does not cause any damage to the system
that it is executed on. Instead, it copies itself to any messages that are sent using
Microsoft Outlook and attempts to hide itself by deleting itself from the Inbox and
Deleted Items folder. The worm opens several browsers when it is executed. The web sites
were previously adult porn related. It has been theorized that the virus may have been
written in an effort to gain web page hits for one or all of them.
The worm has not been as big of a problem in the US as it has been in other countries.
Perhaps one reason for this is the firewalls that are set to block any email that has an
EXE or VBS attachment. VBS attachments are becoming increasingly popular for virus
writers mainly because it is an easy language to learn and also takes advantage of
weaknesses in the Windows OS. Additionally, a VBS virus construction kit has been
available online for quite some time. It allows individuals without programming
experience to create viruses. In fact, the Anna Kournikova virus, which gained national
attention several months ago, may have been created using this software.
As was previously mentioned, when the virus is executed, it opens several web browsers
that are linked to adult web sites. These sites, under increasing pressure, have opted to
disable the links that were opening. Now, instead of four adult porn sites, the virus
opened web browsers all receive file not found errors.
If you regularly receive email attachments, you should follow the standard advice to open
only attachments that are received from individuals you know and trust. Unfortunately,
worms such as Homepage cause problems because users that are infected are emailing the
virus to everyone in their address book without realizing it. Therefore, you may receive
the email from someone you know, but it may still be a virus. You should make sure that
you do not open any EXE or VBS files unless you are certain of their content. To further
complicate the situation, virus writers are attempting to confuse you with names like
Picture.jpg.vbs which can mistakenly appear to be a JPG picture. Lastly, make sure to
consistently upgrade your anti-virus software so that you are protected against the newest