WinProxy and AVStripper Virus Alert
MEDIUM RISK VIRUS
Ositis is sending this notification to you as an early warning of
virus W32/Lirva.a@MM. Make sure you and your network are protected
this Medium Risk Worm!
The mass mailing worm
W32/Lirva.a@MM propagates via email, mapped network-
shared drives, IRC, ICQ and KaZaA Peer-to-Peer file sharing. The
terminates several processes in infected computers, which stops
and firewall programs, among others. It does not require the email
to open the attachment for it to execute. It uses a vulnerability
Internet Explorer-based email clients to execute the file attachment
automatically, known as Automatic Execution of Embedded MIME type.
arrives through email with the following details:
SUBJECT OF THE EAMIL IS
RANDOMLY SELECTED FROM ONE OF THESE STRINGS:
Fw: Avril Lavigne - the best
Fw: Prohibited customers...
Fwd: Re: Admission procedure
Fwd: Re: Reply on account for Incorrect MIME-header
Re: According to Daos Summit
Re: ACTR/ACCELS Transcriptions
Re: Brigade Ocho Free membership
Re: Reply on account for IFRAME-Security breach
Re: Reply on account for IIS-Security
Re: Reply on account for IIS-Security Breach (TFTP)
Re: The real estate plunger
It is easy to know if Lirva has infected your computer, as on the
and 24th of each month it opens the Internet browser and connects
to the web,
after it connects page http://www.avril-lavigne.com it displays
superimposed colored elipsis on screen and in the left corner of
the following message is displayed:
"AVRIL_LAVIGNE_LET_GO - MY_MUSE:)
2002 (c) Otto von Gutenberg"
The worm also collects
passwords from the computers it infects and sends
them to a certain address via e-mail.
W32/Lirva.a@MM is detected by pattern file #3.65341 for Panda and
#435 for Trend.
Click below for more information on this