Anyone listens to Avril Lavigne here?
A new e-mail worm that is spreading on the Internet lures victims with a mention of plucky Canadian singer Avril Lavigne, then steals Microsoft Corp. Windows passwords and sends them to e-mail addresses in Russia, according to alerts posted by a number of antivirus software vendors.
The worm, W32/Lirva spreads by retrieving e-mail addresses from a variety of files stored on a computer's hard drive, then sending copies of itself to those addresses in the form of an executable e-mail attachment, according to information posted on the Web site of Helsinki-based security company F-Secure Corp.
Subject lines for infected e-mail include: "Avril Lavigne - the best," "Reply on account for IIS-Security," and "According to Daos Summit," F-Secure said.
In addition to stealing passwords, the worm launches -- on the seventh, 11th, and 24th of any month -- Internet Explorer, connects to an Avril Lavigne Web site (www.avril-lavigne.com), and displays a colored graphic on the infected computer's desktop with the message:
"Avril_Lavigne_Let_Go - My_Muse : ) 2002 (c) Otto von Gutenberg."
The worm, which only affects Microsoft Corp. Windows operating systems, is contained in a wide range of attachments including "AvrilSmiles.exe," "AvrilLavigne.exe," "resume.exe," and "Readme.exe," F-Secure said.
News source: ITWorld - New worm, Lirva, is spreading
