Panda Software reports the appearance of Lirva, a new and potentially fast-spreading worm
Posted on 08.01.2003
Panda Software's Virus Laboratory has detected the appearance of a new worm Lirva (W32/Lirva). This new malicious code has the capacity to spread using various means of transmission, including e-mail, the file swapping tool KaZaA and the IRC and ICQ chat programs. When Lirva is sent via e-mail, it exploits a known vulnerability in Microsoft Internet Explorer to run automatically when the message carrying the malicious code is viewed in the Preview Pane.

The characteristics of the e-mail carrying Lirva are variable, as the subject, the message and the name of the attached file are selected from a list of possibilities.

If the user opens the file attached to the e-mail or if Lirva automatically runs itself by exploiting the Internet Explorer vulnerability, it will create several files in the affected computer including copies of the worm. Lirva also creates files and stores them under a random name in the shared files directory in KaZaA. If the IRC program is installed on the affected computer, Lirva modifies the 'script.ini' file.

This worm is also programmed to block antivirus programs and firewalls in order to render the victim's computer defenseless.

Finally, it ensures that it is run every time the computer starts up by modifying an entry in the Windows Registry.

Panda Software's Tech Support service has already registered several incidents caused by this worm and therefore clients are advised to treat e-mails and files received with caution and to update their antivirus solutions from http://www.pandasoftware.com to avoid possible incidents involving Lirva.

From this address, users can also access the company's free, online scanner Panda ActiveScan to disinfect computers that may have been hit by this malicious code.

More detailed information about Lirva is available in Panda Software's Virus Encyclopedia.





Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Aug 28th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //