Antivirus software vendors are reporting that a new worm written to take advantage of Microsoft Corp.’s Outlook e-mail software is quickly spreading itself by luring unsuspecting users to open an attachment that supposedly contains a “really cool” Web page.
The new worm, which has been dubbed Homepage because that word is used in the message’s subject line, doesn’t carry destructive payloads that could damage infected computers, according to alerts released late yesterday and early today by antivirus vendors. But, they warned, it could choke corporate e-mail systems by sending itself to all users listed in Outlook address books.
“Early propagation reports indicate that this virus is spreading faster than many of the biggest viruses we saw last year,” said Mikko Hypponen, manager of antivirus research at F-Secure Corp. in Espoo, Finland, in a statement issued today. He added that Homepage also appears to be moving more quickly than the AnnaKournikova.jpg.vbs worm that replicated itself through e-mail systems in February.
Symantec Corp.’s antivirus research centre said in an advisory posted on its Web site Tuesday that more than 10 companies had reported being hit by the worm at that point. Cupertino, Calif.-based Symantec rated Homepage’s ability to damage systems as a low threat but said the worm is capable of quickly distributing itself to more users.
Homepage, known formally by names such as VBS.VBSWG2.D@mm, is another in a long line of Visual Basic Script (VBS) worms that target Outlook users. The body of the e-mail message carrying the worm says, “Hi. You’ve got to see this page! It’s really cool ;O)” and invites recipients to open an attachment labeled “Homepage.HTML.vbs.”
The worm attempts to open Web pages with pornographic content when a user executes the attachment, the antivirus vendors said. In addition to F-Secure and Symantec, other companies that have released warnings about Homepage include Trend Micro Inc. in Cupertino and Sophos Anti-Virus in the United Kingdom.