Warning: Three new virus worms on the loose

Warning: Three new virus worms on the loose

Virus writers have had a busy start to the year, with three new worm threats detected already.

Link: Festive virus threat in the air

‘Lirva A’ lures its victims with Canadian teen skate punk singer Avril Lavigne as the bait.

The worm arrives as a .exe attachment in an email claiming to offer special access to the singer’s website. In some cases the attachment also claims to be a Microsoft IIS security patch.

Once activated the worm copies itself into the system folder and searches for antivirus software and shuts it down.

It then leaves copies of itself on the hard drive, and on Kazaa file sharing software if present.

Lirva A then emails itself to all addresses in the Windows address book using its own SMTP engine. It is also capable of sending itself to ICQ users and spreading via mIRC.

The payload opens a web page to Avril Lavigne’s website every 7th, 11th and 24th of the month.

It displays a pattern of ellipses on the PC screen, and the message ‘AVRIL_LAVIGNE_LET_GO – MY_MUSE:) 2002 (c) Otto von Gutenberg’ is displayed in the top left corner. It also emails passwords to an overseas account.

However, a new variant has already been released. ‘Lirva C’ is sufficiently different to avoid any antivirus software, although the payload remains the same.

‘This variant is spreading so fast it’s around the world already,” said Raimund Genes, president of operations at Trend Micro.

‘Like Klez it attacks the anti-viral software and in some cases can even shut down protection while leaving the icon visible in the system tray.’

The third worm is far less common but has a far more malicious payload.

Once ‘ExploreZip.E’ gets onto a PC it emails itself out as an attachment in a reply to all read and unread emails in Microsoft Outlook, asking the recipient to read the figures contained in what looks like a standard WinZip file.

Once the mails are sent the worm then overwrites all Microsoft Word, Excel and Powerpoint files on a PC and reduces their size to 0KB.

This make recovery of the information without back-ups very difficult, more so than if the files were simply deleted.

‘We’re keeping a close eye on it as it is so virulent,’ said Jason Holloway, UK manager at F-Secure UK.

‘It’s very well designed to spread across a whole network and, once it gets into a large corporate network, everything gets a copy.’

Share

Subscribe to get your daily business insights

Resources & Whitepapers

Why Professional Services Firms Should Ditch Folders and Embrace Metadata
Professional Services

Why Professional Services Firms Should Ditch Folders and Embrace Metadata

3y

Why Professional Services Firms Should Ditch Folde...

In the past decade, the professional services industry has transformed significantly. Digital disruptions, increased competition, and changing market ...

View resource
2 Vital keys to Remaining Competitive for Professional Services Firms

2 Vital keys to Remaining Competitive for Professional Services Firms

3y

2 Vital keys to Remaining Competitive for Professi...

In recent months, professional services firms are facing more pressure than ever to deliver value to clients. Often, clients look at the firms own inf...

View resource
Turn Accounts Payable into a value-engine
Accounting Firms

Turn Accounts Payable into a value-engine

3y

Turn Accounts Payable into a value-engine

In a world of instant results and automated workloads, the potential for AP to drive insights and transform results is enormous. But, if you’re still ...

View resource
Digital Links: A guide to MTD in 2021
Making Tax Digital

Digital Links: A guide to MTD in 2021

3y

Digital Links: A guide to MTD in 2021

The first phase of Making Tax Digital (MTD) saw the requirement for the digital submission of the VAT Return using compliant software. That’s now behi...

View resource