Svetlozar Online Svetlozar.com in Bulgarian
Advertisement
Resources Svetlozar.comLearning CenterSecurity Alerts
 Products & Services
 Research & Analyses
 Customer Showcase
 Learning Center
 Partners
 Investor Relations
 Newsroom
 Corporate Profile
 Contact Information
Customer Center
Login
Password
Site Search
Snapshot
Personal Touch.
The high levels of quality Svetlozar Online achieves cannot be reached without high-level personlization. It's the personal touch that molds our connections into successful relationships.
Strains of Lirva worm generate infection spree
 
Svetlozar Online
Friday, January 10, 2003; 1538 GMT (10:38 a.m. EST)

Aliases
  Lirva (F-Secure)
  Lirva.B (F-Secure)
  W32/Avril-A (Sophos)
  W32/Avril-B (Sophos)
  W32/Lirva.a@MM (McAfee Security)
  W32.Lirva.A@mm (Symantec)
  W32.Lirva.C@mm (Symantec)
  W32/Naith.A-mm (Message Labs)
  W32/Naith.B-mm (Message Labs)
  Win32.Lirva.A (Computer Associates)
  Win32.Lirva.C (Computer Associates)
  WORM_LIRVA.A (Trend Micro)
  WORM_LIRVA.C (Trend Micro)
Related Documents
 Security advisories:
  Computer Associates 1 2
  F-Secure 1 2
  McAfee Security
  MessageLabs
  Sophos 1 2
  Symantec 1 2
  Trend Micro 1 2
  Microsoft Security Bulletin MS01-020
  Avril Lavigne Official Web Site
Related Files
 Free standalone removal tools:
  F-Secure Link points to a ZIP file.
  McAfee
  Symantec
As the Lirva worm was starting to gain momentum in its massive infection spree, its efforts were efficiently spurred by a new variant, which, according to various analysts and security software vendors, will probably surpass the initial version that caused the outbreak.

Lirva, dubbed Avril and Naith by some antivirus companies, is a mass-mailing worm that on top of the regular features list promotes the increasingly popular Canadian musician Avril Lavigne. On the 7th, 11th, and 24th day of the month Lirva opens the victim's web browser displaying the singer's official web site and shows an animation on the user's screen.

The worm comes along with a multitude of spreading abilities. It scours the Windows Address Book, ICQ's contact list, and files with certain extensions, obtaining e-mail addresses to which the virus sends a copy of itself. Lirva has also been detected on the Kazaa file sharing network since the worm replicates itself in Kazaa's shared folder.

In addition, Lirva can detect and attempt to terminate a wide array of antivirus and firewall software products, which increases its chances of staying undetected. The worm can also email the infected user's dial-up passwords to the virus's writer or try downloading Trojan horses and backdoor programs from a certain web site.

Svetlozar Online strongly urges all Windows-platform users to take all necessary measures to protect themselves against the threat. Lirva exploits the "Incorrect MIME Header Can Cause IE to Execute E-mail Attachment" vulnerability and Microsoft Outlook users who have not updated their browsing software are at an extremely high risk-level. All Internet users are advised to update their security software's virus definitions.


Terms of ServicePrivacy PolicyCopyright PolicySite MapFeedback