
Lavigne worm alert

Lirva virus is spreading

Emails with subject lines containing the name of chart-topping singer Avril Lavigne are unleashing a worm virus when opened. The bug, called Lirva, then steals cached passwords and sends them to an email address in Russia, according to alerts posted by a number of antivirus software vendors.

Lirva spreads by retrieving email addresses from a variety of files stored on a computer's hard drive, then sending copies of itself to those addresses in the form of an executable email attachment. The recipient doesn't have to click on the EXE file to activate the virus; instead, it uses a vulnerability in Internet Explorer-based email clients to execute the attachment automatically, according to Trend Micro.

Subject lines for infected email include: 'Avril Lavigne — CHART ATTACK'; 'Have U requested Avril Lavigne bio?' and 'Reply on account for Incorrect MIME-header', according to Trend Micro.

In addition to stealing passwords, the worm launches Internet Explorer on the seventh, 11th, and 24th of any month, connects to an Avril Lavigne website, www.avril-lavigne.com, and displays a graphic on the infected computer's desktop with the message: "Avril_Lavigne_Let_Go — My_Muse : ) 2002 (c) Otto von Gutenberg".

The worm, which only affects Windows operating systems, is contained in a wide range of attachments including AvrilSmiles.exe, AvrilLavigne.exe, resume.exe, and Phantom.exe, according to Trend Micro.

The virus also poses as a Microsoft security patch stored in attachments named 'MSO-Patch-0071.exe' and 'MSO-Patch-0035.exe', among many others, according to Sophos.

Microsoft has already released patches for the Internet Explorer vulnerability Lirva exploits, and these can be downloaded from its website.

In addition to piggybacking email messages, Lirva is capable of spreading over computer networks and the Kazaa peer-to-peer network by copying itself to shared folders on other computers or tricking users into downloading and running it. The worm is also able to disseminate itself over IRC (internet relay chat) networks, according to Trend Micro.

The new worm is currently rated low risk by Symantec and medium risk on McAfee's website. Trend Micro has issued a yellow alert and is providing more information.

Antivirus software companies provided updated virus profiles for the Lirva worm and recommended that their customers update their antivirus software to include the new profiles.

Most vendors also provided instructions and software utilities for removing the virus from machines that have already been infected.

