i-worm.homepag
Webroot Antivirus: The best protection against viruses, spyware data theft and hackers.
Description:
Details
I-Worm.Homepage
This is an Internet worm that widely spread on 9 May 2001. The worm is written in Visual Basic Script language (VBS) and spreads as a "homepage.HTML.vbs" file attached to an e-mail message.
This is a usual Loveletter-like VBS worm, but it is encrypted (encoded) to bypass heuristic scanners.
This worm spreads via e-mail by sending infected messages from infected computers. While spreading, the worm uses MS Outlook and sends itself to all addresses that are stored in MS Outlook Address Book. As a result, an infected computer sends as many messages to as many addresses are kept in MS Outlook contacts list.
It works only on computers on which the Windows Scripting Host (WSH) is installed. In Windows 98 and Windows 2000, WHS is installed by default. To spread itself, the worm accesses MS Outlook and uses its functions and address lists. This is available in Outlook 98/2000 only, so the worm is able to spread only in case one of these MS Oulook versions is installed.
The infected message in the original worm version appears as follows:
Subject = "Homepage"
Body = Hi!
You've got to see this page! It's really cool ;O)
After spreading, the worm randomly opens one of four adult-orientated/pornographic pages to keep a user unaware.
To avoid double spreading from the same machine it creates the "HKCU\software\An\mailed" registry key and writes a "1" value to there. This is done so it does not spread from one to the same machine twice.
Copyright @2006 i-worm.homepag