[Esa-l]Here's a new one....
mannig at worldnet.fr
Fri May 11 15:08:58 PDT 2001
A 16:49 09/05/01 +0100, Murray Crane icrit:
>Yes. It's pretty new. F-Secure call it VBSWG.X or 'homepage'. See
http://www.f-secure.com/v-descs/vbswg_x.shtml if you care to. F-Secure
released a signature update this
>morning that detects it, but I didn't find that out until after the
sanitizer had caught *five* copies of it...
Even an individual email client may be set up up to block/kill any incoming
email which corps contains a file with 2 "." (dots) in its name. Such files
are at 99.9999% virus. Tobe simplier, all attachement that end by ".vbs"
The HomePage virus is very likely to become a new ( and borring )
LoveLetter plague. Not in terms of destroyed data : in terms of wasted
>F-Secure say it's propagating quicker than AnnaK, and I'm inclined to
There's a 2-step strategy that brings a 100% "waterproof" protection vs.
on servers. Although...) to wipe out/rename :
files. Those executables are devoted to interpret and execute the
suicidary trends, executing such codes in *emails* in not compulsory AT
ALL. We all have very well lived before they surfaced and we can very
easily still live without such time bombs !
Afterwards, any double-clik on suich files ( or simply opening an incoming
email ) will fail. As easy as 1.2.3 ;-)
This tip has been widespred but I can say for sure ( and what you are
currently reporting is another evidence ) that maybe 0.02% of users apply
Everybody is wondering at loud voice ( or smooth one ) " What will happen
this, some so-called "AV firewall" let it come in like Santa ! I received
this evening an email spread on a mailing-list that carried HomePage virus
although it has theorically been scanned with AMaViS
A nice : "X-AntiVirus: scanned for viruses by AMaViS 0.2.1
(http://amavis.org/)" features on the email header. Also a nice ad that
As a (temporary?) conclusion, I cannot do more that citating a declaration
of KAV staff:
"'Homepage' is simply the latest harmful code using a primitive method of
introducing itself, but in no way poses a threat to those strictly adhering
to the rules of computer hygiene. Those who have fallen victim are those
who, despite the numerous warnings do date, continue to open files with
suspicious contents," commented Denis Zenkin, Head of Corporate
Communications for Kaspersky Labs."
Forbidding them to open bombs by deleting the software tool this operations
requires will suffice.
V.A.R.S Intl antivirus Support http://www.hitchhikers.net/vir-vrf.htm
Member of the Wild List ( http://www.wildlist.org )
Discovered the viruses'JUMPER' , partially familly 'WereWolf' ,
Win.Tentacle.1958,GGM.936 & EMAS.2456, Win32.HLLP.DeTroie, Trojan.BadSector,
JS.Trojan.WindowBomb, I-Worm.LoveLetter.ao, SillyOC.155
More information about the esd-l