Technorati
Digg
Delicious
Reddit
StumbleUpon
Facebook
Yahoo
Twitter
Faves
Newsvine
- Discovered:
- January 7, 2003
- Updated:
- February 13, 2007 11:42:07 AM
- Also Known As:
- W32/Avril-A [Sophos], W32/Lirva.b@MM [McAfee], WORM_LIRVA.A [Trend], Win32.Lirva.A [CA], I-Worm.Avron.c [KAV], Lirva [F-Secure]
- Type:
- Worm
- Systems Affected:
- Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
- CVE References:
- CVE-2001-0154
NOTE: Due to a decreased rate of submissions, Symantec Security Response has downgraded this threat from a Category 3 to a Category 2 as of February 28, 2003.
W32.Lirva.A is a mass-mailing worm that also spreads by IRC, ICQ, KaZaA, and open network shares. This worm attempts to terminate antivirus and firewall products. It also emails the cached Windows 95/98/Me dial-up networking passwords to the virus writer.
When Microsoft Outlook receives the worm, the worm takes advantage of a vulnerability that allows the attachment to auto-execute when you read or preview the email. Information on this vulnerability and a patch can be found at http://www.microsoft.com/technet/security/bulletin/MS01-020.asp.
If the day of the month is the 7th, 11th, or 24th, the worm will launch your Web browser to www.avril-lavigne.com and display a graphic animation on the Windows desktop.
Antivirus Protection Dates
- Initial Rapid Release version January 7, 2003
- Latest Rapid Release version September 28, 2010 revision 054
- Initial Daily Certified version January 7, 2003
- Latest Daily Certified version September 28, 2010 revision 036
- Initial Weekly Certified release date January 7, 2003
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Threat Assessment
Wild
- Wild Level: Medium
- Number of Infections: More than 1000
- Number of Sites: More than 10
- Geographical Distribution: High
- Threat Containment: Easy
- Removal: Moderate
Damage
- Damage Level: Medium
Distribution
- Distribution Level: High
Writeup By: Atli Gudmundsson
