What is W32.Lirva.A@mm and how does it affect me?
Due to an increase in submissions, Symantec Security Response has upgraded this threat from a Category 2 to a Category 3 as of January 9, 2003.
W32.Lirva.A is a mass-mailing worm that also spreads by IRC, ICQ, KaZaA, and open network shares. This worm attempts to terminate antivirus and firewall products. It also emails the cached Windows 95/98/Me dial-up networking passwords to the virus writer.
When Microsoft Outlook receives the worm, the worm takes advantage of a vulnerability that allows the attachment to auto-execute when you read or preview the email. Information on this vulnerability and a patch can be found at http://www.microsoft.com/technet/sec.../MS01-020.asp.
If the day of the month is the 7th, 11th, or 24th, the worm will launch your Web browser to www.avril-lavigne.com and display a graphic animation on the Windows desktop.
What action can I take from here?
Symantec Security Response posted virus definitions to protect against this threat on January 9, 2003 (via LiveUpdate). All users of Norton AntiVirus who do not have up-to-date virus protection should immediately run LiveUpdate for protection from W32.Lirva.A@mm.
Virus definitions are available via the LiveUpdate feature in the Norton AntiVirus product or the Symantec Security Response Web site.
Sincerely,
Symantec Security Response Team
Symantec Corporation
ok people protect yourselves..........hutch