Mike's Safety Belt
~~Mike Baynes, MikesWhatsNews
Another Celebrity Virus ~ Lirva
The latest virus to take advantage of famous names is Lirva (W32/Avril-A
[Sophos], W32/Lirva.b@MM [McAfee], WORM_LIRVA.A [Trend], Win32.Lirva.A [CA])
and its variants, Lirva.B and Lirva.C, named after the Canadian skater, Avril
(Lirva backwards) Lavigne.
The virus was created within 2 days of her nomination at the Grammy awards,
which shows just how fast such viruses can be created.
It is not the first time that virus writers/creators have used the
popularity of celebrities to spread their infectious creations.
- Anna Kournikova ~
http://www.cert.org/advisories/CA-2001-03.html ~ was a serious
threat only 2 years ago, using a known hole in Microsoft's IE to execute
VBScript.
- Some of the other celebrities who have received this dubious status
are Jenna Jameson, Jennifer Lopez, Alyssa Milano, and Britney Spears.
The Lirva virus once again takes advantage of the known vulnerability in
MS Outlook Express 4.0 and 5.0, which allows the script to run when the
message is merely previewed. An updated OE 6 should not be affected.
Microsoft has a patch here.
www.microsoft.com/technet/security/bulletin/MS01-020.asp
Like earlier viruses, Lirva also disables access to certain AV program
sites.
Lirva may also spoof a Microsoft Security Bulletin. Remember, MS
will NEVER send you an executable file.
It is spread through email, via open Windows shares, IRC, ICQ, and KaZaA
peer-to-peer networks.
Lirva sends a copy of itself to everyone listed in a user's address book
by using its own built-in SMTP server, which helps the worm's activity go
undetected. Lirva also collects address information from various other files
on the user's system, such as .htm, .wab, and .dbx files.
Computer Associates has a good page on it here:
http://support.ca.com/techbases/ilnt/virusalert2.html
Due to the increasing threat posed by Lirva, Panda Software has made the
PQREMOVE utility available to all users. This application is designed to
repair the possible damage that the virus could inflict on computers and can
be downloaded from
http://www.pandasoftware.com/download/utilities/
Remember the best antivirus defense is your own good sense!
- Keep your AV program updated
- Use an email program which can strip out attachments
- Disable scripting
- Don't open any attachments you have not been expecting, and have the
sender give you the name of the file and its size before sending.
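The attachment-stripping advice above, together with the rule that Microsoft never mails executables, can be enforced at the mail filter. The following is an added example, not part of the original newsletter or any vendor's tool; the extension blocklist, function names, and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed blocklist of executable/script extensions (not taken from the article).
BLOCKED_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js")

def is_risky(part):
    """True if a MIME part has a filename ending in a blocked extension."""
    name = (part.get_filename() or "").strip().lower()
    return name.endswith(BLOCKED_EXT)

def _clean(part, removed):
    """Recursively drop risky children from multipart containers."""
    if not part.is_multipart():
        return
    kept = []
    for child in part.get_payload():
        if is_risky(child):
            removed.append(child.get_filename())
        else:
            _clean(child, removed)
            kept.append(child)
    part.set_payload(kept)

def strip_executables(raw_bytes):
    """Return (cleaned message, removed filenames, spoofed-Microsoft flag)."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    removed = []
    _clean(msg, removed)
    claimed = f"{msg.get('From', '')} {msg.get('Subject', '')}".lower()
    # Microsoft does not mail executables, so this combination is a strong warning sign.
    spoof = bool(removed) and "microsoft" in claimed
    return msg, removed, spoof

def build_sample():
    """Constructed sample: a fake 'Microsoft' bulletin with an .exe attached."""
    m = EmailMessage()
    m["From"] = "Microsoft Support <support@example.com>"
    m["To"] = "user@example.org"
    m["Subject"] = "Security bulletin (constructed sample)"
    m.set_content("Please install the attached patch.")
    m.add_attachment(b"placeholder bytes", maintype="application",
                     subtype="octet-stream", filename="Patch.EXE")
    m.add_attachment("release notes", filename="readme.txt")
    return m.as_bytes()

if __name__ == "__main__":
    cleaned, removed, spoof = strip_executables(build_sample())
    print("removed:", removed, "| spoofed Microsoft sender:", spoof)
```

The filter only inspects parts inside multipart containers; a message whose single top-level body is itself an executable would need a separate check.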
I have put together a Lirva page with common program links here:
http://www3.telus.net/mikebike/Lirva.A.htm
Mike Baynes is the editor of MikesWhatsNews. To subscribe, send a blank email to
mikeswhatsnews-request@freelists.org?Subject=subscribe
See Mike's Anti-Virus pages ~
http://virusinfo.hackfix.org.
To subscribe, send a blank email to:
virusinfo-request@freelists.org?Subject=subscribe