WORM_LIRVA.C in rapida espansione!

Data pubblicazione: 11/01/2003

Descrizione: Un nuovo Worm di nome LIRVA.C stà seminando il panico in rete....
Alias:I-Worm.Avron.b, Win32/Naith.C@mm, W32.Lirva.C@mm, W32/Avril-B

...arriva tramite email,shared drives, Internet Relay Chat o IRC, ICQ e programmi peer-to-peer file-sharing network come Kazaa,morpheus ecc.ecc. ....

Classificato a Medio rischio da TRENDMICRO.COM, questo Worm risulta molto fastidioso provocando un rallentamento dell'intero sistema sino a livelli di inoperabilità, oltre a tentare connessioni ripetute e automatiche...

Sfrutta una vulnerabilità della versione 5.01 di Internet Explorer, ma per sicurezza è bene che tutti aggiorniate il vostro antivirus

Soggetto: (uno dei seguenti)


Fw: Redirection error notification
Re: Brigada Ocho Free membership
Re: According to Purge's Statement
Fw: Avril Lavigne - CHART ATTACK!
Re: Reply on account for IIS-Security Breach (TFTP)
Re: ACTR/ACCELS Transcriptions
Re: IREX admits you to take in FSAU 2003
Fwd: Re: Have U requested Avril Lavigne bio?
Re: Reply on account for IFRAME-Security breach
Fwd: Re: Reply on account for Incorrect MIME-header
Re: Vote seniors masters - don't miss it!
Fwd: RFC-0245 Specification requested...
Fwd: RFC-0841 Specification requested...
Fw: F. M. Dostoyevsky "Crime and Punishment"
Re: Junior Achievement
Re: Ha perduto qualque cosa signora?

Messaggio (uno dei seguenti)

AVRIL LAVIGNE - THE BEST
Avril Lavigne's popularity increases:
SO: First, Vote on TRL for I'm With U! Next, Update your pics database! Chart attack active list. Orginal Message:

Oppure


Network Associates weekly report: Microsoft has identified a security vulnerability in MicrosoftIIS 4.0 and 5.0 that is eliminated by a previously-released patch. Customers who have applied that patch are already protected against the vulnerability and do not need to take additional action. Microsoft strongly urges all customers using IIS 4.0 and 5.0 who have not already done so to apply the patch immediately. Patch is also provided to subscribed list of Microsoft Tech Support:

Oppure

AVRIL LAVIGNE - THE CHART ATTACK! Vote fo4r Complicated! Vote fo4r Sk8er Boi! Vote fo4r I'm with you! Chart attack active list:

Oppure

Restricted area response team (RART) Attachment you sent to is intended to overwrite start address at 0000:HH4F To prevent from the further buffer overflow attacks apply the MSO-patch

Attachment o allegato:(uno dei seguenti)

Resume.exe
ADialer.exe
MSO-Patch-0071.exe
MSO-Patch-0035.exe
Two-Up-Secretly.exe
Transcripts.exe
Readme.exe
AvrilSmiles.exe
AvrilLavigne.exe
Complicated.exe
TrickerTape.exe
Sophos.exe
Cogito_Ergo_Sum.exe
CERT-Vuln-Info.exe
Sk8erBoi.exe
IAmWiThYoU.exe
Phantom.exe
EntradoDePer.exe
SiamoDiTe.exe
BioData.exe
ALavigne.exe

Maggiori informazioni nonchè la soluzione alla rimozione del virus le trovate su http://www.trendmicro.com

Link utile: http://www.trendmicro.com