Antivirus firms McAfee.com, F-Secure, Command Central, Symantec and Trend Micro all issued warnings or alerts Wednesday about the VBSWG.X worm, which also goes by the names Homepage, VBS.VBSWG2.D@mm, VBS_Homepage.A and VBS/SST.gen@MM.
The worm, which appears in e-mail in-boxes with the subject line "Homepage" and body text reading "You've got to see this page! It's really cool ;O)," spreads itself by e-mail using Microsoft's Outlook e-mail client and VBS (Visual Basic script). When the Homepage file is double-clicked, a computer will send the same e-mail to all addresses listed in the computer's address book and will attempt to open one of four pornographic Web sites. The worm will then also search the computer's in-box and delete e-mail folders for e-mail messages with the subject line "Homepage," according Central Command.
The worm is spreading very quickly according to antivirus firms, though all cite it as relatively low risk due to its non-destructive nature. However, mass mailer worms can cause corporate e-mail servers to crash if too many mails are sent at once. As a result, a number of companies have already switched their e-mail servers off, said Marius van Oers, a virus researcher engineer at McAfee.
"Some companies in Asia and in Europe have even decided to switch off their (Microsoft) Exchange e-mail servers as the number of e-mail messages going through them caused problems. To get back online, the administrator will have to weed through the messages that came in during the offline period and delete the ones with the virus. This can take a couple of hours or even a day, depending on the size of the company," he said.
"We have received a great number of reports of infections, thousands from Asia and Europe. Reports from the US are just coming as the business day has only just begun. We have dozens of reports from the US now. These are almost Loveletter proportions," he said. Loveletter was a virus that wreaked havoc worldwide around a year ago by spreading itself through e-mail and deleting hard drives.
The Anna Kournikova worm was built using a worm creation kit, a piece of software that makes the creation of such worms practically a point and click process. Van Oers suspects that same may be true of Homepage.
"I think somebody downloaded a worm creation kit and sent the worm out," said Van Oers.
Users of McAfee Antivirus with a definition file over version 4123 are safe, noted Van Oers. This so-called DAT file has been out for several weeks, he said. Other antivirus firms have also released updates. To avoid this worm, users should delete the e-mail, never open unexpected attachments without verifying them, filter out e-mails that contain attachments with the .vbs extension and keep their antivirus programs up to date, other antivirus companies said.