The characteristics of the e-mail carrying Lirva are variable, as the subject, the message and the name of the attached file are selected from a list of possibilities.
If the user opens the file attached to the e-mail or if Lirva automatically runs itself by exploiting the Internet Explorer vulnerability, it will create several files in the affected computer including copies of the worm. Lirva also creates files and stores them under a random name in the shared files directory in KaZaA. If the IRC program is installed on the affected computer, Lirva modifies the 'script.ini' file.
This worm is also programmed to block antivirus programs and firewalls in order to render the victim's computer defenseless.
Finally, it ensures that it is run every time the computer starts up by modifying an entry in the Windows Registry.
Panda Software's Tech Support service has already registered several incidents caused by this worm and therefore clients are advised to treat e-mails and files received with caution and to update their antivirus solutions from http://www.pandasoftware.com to avoid possible incidents involving Lirva.
From this address, users can also access the company's free, online scanner Panda ActiveScan to disinfect computers that may have been hit by this malicious code.
More detailed information about Lirva is available in Panda Software's Virus Encyclopedia.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.