CurzTech News Network
CurzTech News Network | CurzTech World News | CurzTech U.S. News | CurzTech Entertainment News | CurzTech Political News | CurzTech Conspiracy News | Yesterday's News | Offsite Archive
Two new computer worms spreading slowly around the Net Grammy nominee Avril Lavigne is the weapon deployed by computer virus users trying once again to wreak havoc on Internet users. A new malicious program called "Lirva" — the singer's name spelled backwards — promises information on the 18-year-old star. The virus is spreading, but only moderately, virus experts say. Meanwhile, an updated version of one of the Internet's most successful e-mail pests, ExploreZip, has made a reappearance.
LIRVA BEGAN MAKING the rounds on Tuesday, but infections began to spike on Wednesday, according to e-mail filtering firm MessageLabs Inc. The company had trapped nearly 6,000 copies of the bug by 4 p.m. ET.
Sharon Ruckman, senior director of Symantec Corp.'s Security Response Team, said Lirva was the second-most reported virus on Wednesday.
"Yes, it is out there. We saw more activity this morning in Europe," she said. Still, the worm rates only a 2 on a scale of Symantec's 1 to 5, with 5 being the most severe.
"We are not anticipating it will move up to a 3, based on the submission rate," she said.
McAfee Security did raise its risk rating on the worm from low to medium on Wednesday "due to an increase in prevalence over the past 24 hours," according to the company.
The worm can spread via e-mail, Internet Relay Chat, ICQ instant messaging, or the KaZaa file swapping service. Among typical messages in the e-mail version:
"FanList admits you to take in Avril Lavigne 2003 Billboard awards ceremony. Vote for I'm with you!"
Spotting the worm by subject line can be tricky, because it randomly chooses a subject line for e-mail from the following list:
'Fw: Prohibited customers...'The infected attachment also has randomly chosen file names.'Re: Brigade Ocho Free membership'
'Re: According to Daos Summit'
'Fw: Avril Lavigne - the best'
'Re: Reply on account for IIS-Security'
'Re: ACTR/ACCELS Transcriptions'
'Re: The real estate plunger'
'Fwd: Re: Admission procedure'
'Re: Reply on account for IFRAME-Security breach'
'Fwd: Re: Reply on account for Incorrect MIME-header'
If the worm successfully infetcs a user, it will e-mail copies of itself to everyone in the victim's Contacts list, similar to the Melissa virus. It will also shut down antivirus and firewall programs, and launch a Web browser to open the Avril Lavigne Web site, according to McAfee.
The worm is also known as "Naith," "Avril," and "Avron."
EXPLORE.ZIP, AGAIN
Meanwhile, a slightly altered version of the 1999 nemesis ExploreZip has been discovered, according Ruckman.
The worm has been compressed to evade detection by antivirus programs. But it poses little risk, because the malicious program must be "unpacked" — which reverses the compression process — before it runs, and antivirus programs will detect it at that point, Ruckman said. She said Symantec had only received four submissions of the virus.
But Ken Dunham, senior intelligence analyst at iDefense Inc., said two large corporations were hit by the ExplorerZip worm, one in the United Kingdom and another in the United States.
"It has the potential to become a serious problem for multiple organizations and home users today," he said.
ExploreZip was particularly desctructive back in 1999, when it infected thousands of machines, deleting a host of Microsoft Office Word Documents, spreadsheets, and PowerPoint presentations along the way. Explore Zip arrives as an e-mail with the message:
Hi ....I received your email and shall send you a reply ASAP. Till then, take a look at the attached zipped docs. Bye
The infected attachment is named zipped_files.exe, according to iDefense.
MSNBC Terms, Conditions and Privacy © 2003
[an error occurred while processing this directive]