heads ups ** Lirva.A**
Results 1 to 3 of 3

Thread: heads ups ** Lirva.A**

  1. #1
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,743

    heads ups ** Lirva.A**

    here it is from http://securityresponse.symantec.com...irva.a@mm.html
    33% of my repair time is spent removing thedamage done by 5h1t like this little fellow.. for goodnes sake just IE5.5-SP2 is all that most need to slow this krap (BTW IE 6 isn't supposed to be susceptable.. unfortunatly you need atleast SP1 to be any good.. ) but most ppl don't have any idea about updating.. most of the ppl did have av's, updated the day the puter was purchased..
    so here is the latest that uses the same weakness that Klez and bugbear and friends have used..

    Heads up..

    Cheers

    W32.Lirva.A is a mass-mailing worm that also spreads by the IRC, ICQ, KaZaA, and open network shares. This worm attempts to terminate antivirus and firewall products. It also emails cached Windows 95/98/Me dial-up networking passwords to the virus writer.

    When Microsoft Outlook receives the worm, it uses a vulnerability that allows the attachment to auto-execute when you read or preview the email. Information on this vulnerability and a patch can be found at http://www.microsoft.com/technet/sec.../MS01-020.asp.

    If the day of the month is the 7th, 11th, or 24th, the worm will launch your Web browser to www.avril-lavigne.com and display a graphic animation on the Windows desktop.



    Also Known As: W32/Avril-A [Sophos], W32/Lirva.b@MM [McAfee], WORM_LIRVA.A [Trend]
    Infection Length: 32,766 bytes
    Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
    Systems Not Affected: Macintosh, OS/2, UNIX, Linux
    CVE References: CVE-2001-0154
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  2. #2
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,743
    Just an Update..

    Seems this little one is doing the rounds..
    It has been upgraded from a Cat 2 to a Cat 3.. Seems there are a lot of ppl who don't know/or dont wish to do what is required to provide minimum protection..

    I'll get off my hobby horse

    Cheers
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  3. #3
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325

    Exclamation

    I recieved this warning via e-mail.

    Two of em! EVEN BIGGER HEADS UP!

    January 09, eSecurity Planet
    Virus Alert: W32.Lirva.A and ExploreZip. Two major viruses have struck the Internet at the same time. ExploreZip, an Internet worm first let loose in the wild back in 1999, has reemerged with just enough changes made to allow it to slip through anti-virus software undetected. And it has the added ability to override files on the infected computer, as well as on any other computer in the same network. Once ExploreZip 9 infects a computer, it will automatically respond to any email received with a seemingly valid subject line and the user's name, along with an infected attachment. Another problematic virus is the mass-mailing worm that pays tribute to Canadian singer Avril Lavigne. The worm is going under a few different names, including Avril and Lirva (which is Avril spelled backwards). Although this virus is less destructive than ExploreZip, anti-virus software company F-Secure Corp. has rated both viruses as Level 2 Threats, the second-highest threat category. The Lirva worm got a Level 2 rating because of the speed with which it's spreading around the world. It reportedly originated, in middle Europe and has spread to Turkey, the United States and Southeast Asia in less than 48 hours. Once Lirva infects a computer, it opens the computer's Internet Explorer browser to official Avril Lavigne Web site on the 7th, 11th and 24th of the month. It then starts to display colored circles on the screen, freezing the computer.
    Source: http://www.esecurityplanet.com/trend...751_1567161,00 .html
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •