When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

New worm, Lirva, is spreading

Anyone listens to Avril Lavigne here?

A new e-mail worm that is spreading on the Internet lures victims with a mention of plucky Canadian singer Avril Lavigne, then steals Microsoft Corp. Windows passwords and sends them to e-mail addresses in Russia, according to alerts posted by a number of antivirus software vendors.

The worm, W32/Lirva spreads by retrieving e-mail addresses from a variety of files stored on a computer's hard drive, then sending copies of itself to those addresses in the form of an executable e-mail attachment, according to information posted on the Web site of Helsinki-based security company F-Secure Corp.

Subject lines for infected e-mail include: "Avril Lavigne - the best," "Reply on account for IIS-Security," and "According to Daos Summit," F-Secure said.

In addition to stealing passwords, the worm launches -- on the seventh, 11th, and 24th of any month -- Internet Explorer, connects to an Avril Lavigne Web site (www.avril-lavigne.com), and displays a colored graphic on the infected computer's desktop with the message:

"Avril_Lavigne_Let_Go - My_Muse : ) 2002 (c) Otto von Gutenberg."

The worm, which only affects Microsoft Corp. Windows operating systems, is contained in a wide range of attachments including "AvrilSmiles.exe," "AvrilLavigne.exe," "resume.exe," and "Readme.exe," F-Secure said.

News source: ITWorld - New worm, Lirva, is spreading

Report a problem with article
Next Article

AT&T snafu hits access to Microsoft Web services

Previous Article

MSN Messenger Down Again?