+++++++++++++++++++++++++++++++++++
WinProxy and AVStripper Virus Alert
MEDIUM RISK VIRUS
+++++++++++++++++++++++++++++++++++
Ositis is sending this notification to you as an early warning of a
new virus, W32/Lirva.a@MM. Make sure you and your network are
protected from this Medium Risk Worm!
The mass-mailing worm W32/Lirva.a@MM propagates via email, mapped
network-shared drives, IRC, ICQ and KaZaA Peer-to-Peer file sharing.
The worm terminates several processes on infected computers, which
stops antivirus and firewall programs, among others. It does not
require the email receiver to open the attachment for it to execute:
it uses a vulnerability in Internet Explorer-based email clients,
known as Automatic Execution of Embedded MIME type, to execute the
file attachment automatically. It arrives through email with the
following details:
SUBJECT OF THE EMAIL IS RANDOMLY SELECTED FROM ONE OF THESE STRINGS:
Fw: Avril Lavigne - the best
Fw: Prohibited customers...
Fwd: Re: Admission procedure
Fwd: Re: Reply on account for Incorrect MIME-header
Re: According to Daos Summit
Re: ACTR/ACCELS Transcriptions
Re: Brigade Ocho Free membership
Re: Reply on account for IFRAME-Security breach
Re: Reply on account for IIS-Security
Re: Reply on account for IIS-Security Breach (TFTP)
Re: The real estate plunger
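
The subject strings above can be used for a quarantine check at a mail gateway or over a mailbox export. The following is an added example, not part of the original alert or any vendor tool: it matches the listed subjects and flags attachments whose file name is executable while the declared Content-Type is a media type. The extension list, that mismatch heuristic and the sample message are assumptions made for illustration.

```python
import email
from email import policy

# Subject strings copied from the alert.
LIRVA_SUBJECTS = {s.lower() for s in (
    "Fw: Avril Lavigne - the best",
    "Fw: Prohibited customers...",
    "Fwd: Re: Admission procedure",
    "Fwd: Re: Reply on account for Incorrect MIME-header",
    "Re: According to Daos Summit",
    "Re: ACTR/ACCELS Transcriptions",
    "Re: Brigade Ocho Free membership",
    "Re: Reply on account for IFRAME-Security breach",
    "Re: Reply on account for IIS-Security",
    "Re: Reply on account for IIS-Security Breach (TFTP)",
    "Re: The real estate plunger",
)}
# Assumptions (not from the alert): the extension list, and the heuristic that
# an executable file name under a media Content-Type is suspicious.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat")
MEDIA_TYPES = ("audio", "image", "video")

def check_message(raw):
    """Return the reasons a raw RFC 822 message should be quarantined."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    # Collapse whitespace so folded or padded subjects still match.
    subject = " ".join(str(msg["Subject"] or "").split()).lower()
    if subject in LIRVA_SUBJECTS:
        reasons.append("subject")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(EXECUTABLE_EXTS) and part.get_content_maintype() in MEDIA_TYPES:
            reasons.append("mime-mismatch:" + name)
    return reasons

# Constructed sample message (not a captured Lirva mail).
SAMPLE = (
    b"Subject: Fw: Avril Lavigne - the best\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="x"\r\n\r\n'
    b"--x\r\nContent-Type: text/plain\r\n\r\nhello\r\n"
    b'--x\r\nContent-Type: audio/x-wav; name="song.exe"\r\n'
    b'Content-Disposition: attachment; filename="song.exe"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\nAAAA\r\n--x--\r\n"
)

if __name__ == "__main__":
    print(check_message(SAMPLE))
```

A subject match alone is a weak signal because the strings are ordinary-looking; treat it as a reason to hold the message for the attachment check and the vendor pattern file, not as a verdict.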
VISIBLE SYMPTOMS
It is easy to tell whether Lirva has infected your computer: on the
7th, 11th and 24th of each month it opens the Internet browser and
connects to the page http://www.avril-lavigne.com. After connecting,
it displays a series of superimposed colored ellipses on screen, and
the following message is displayed in the left corner of the screen:
"AVRIL_LAVIGNE_LET_GO - MY_MUSE:)
2002 (c) Otto von Gutenberg"
The worm also collects passwords from the computers it infects and
sends them to a certain address via e-mail.
PATTERN FILE
W32/Lirva.a@MM is detected by pattern file #3.65341 for Panda and
#435 for Trend.
Click below for more information on this virus: