Computer virus year 2003 started with a bang.

F-Secure (www.F-Secure.com) is alerting computer users as four new Internet worms are crawling across the globe. These new Windows worms were found on Jan. 8 and 9, and they are known (in order of appearance) as Lirva.A, ExploreZip.E, Lirva.B and Sobig.

"Several new viruses are found every day, there's nothing special with that," said Mikko Hypponen, Manager of Anti-Virus Research at F-Secure. "But it is not normal to find four new viruses which are all successfully spreading in the wild within two days."

F-Secure Corporation has released a Level-2 Radar alert on all these viruses, indicating that system administrators and end users should make sure their systems are protected. Level 2 is the second highest severity under the F-Secure Radar alerting system. F-Secure issued 27 Level 2 alerts during all of year 2002 (and two Level 1 alerts).

"Apart from the two Lirva variants, these viruses are not related to each other; this does not seem to be a coordinated attack," commented Hypponen. "It seems we just got a really bad start for this year."

Information on the four viruses follows:

Lirva.A

Lirva (or Arvil) is a mass-mailing worm that uses several methods to spread. Besides email, the worm uses the ICQ and IRC chat networks and the Kazaa file sharing network to spread. It also propagates through shared folders and Windows network drives. Lirva has functionality to disable several antivirus and security applications if it notices their presence. If the worm is active in the system, it tries to steal passwords and send them to an external email address.

E-mails sent by Lirva vary, but they often make references to Avril Lavigne, the Canadian rocker who was nominated for five Grammy awards this week. The virus was apparently written by a Kazakhstan-based fan of the artist. When the Lirva worm activates, it tries to open the official web site of Avril Lavigne and starts a graphical screen effect consisting of colored, moving circles.

Lirva.B

Functionally, Lirva.B is very close to the original Lirva virus. It has been modified to evade detection by some anti-virus software. Another difference is that Lirva.B fakes the sender address of infected e-mails, replacing the address of the infected user with the e-mail address of a random innocent bystander. The real e-mail address of the infected user can often be found from the e-mail's "Return-Path" header.

ExploreZip.E

ExploreZip is an internet worm which was first found in June 1999. The original version (ExploreZip.A) spread all over the globe within days of initial discovery, becoming the first of the really widespread Internet worms. After this, several modified versions of this worm have been found. On January 8, 2003, three and a half years after its progenitor was first seen, ExploreZip.E was found. This version was modified so that it was undetectable to most anti-virus programs, although the worm functionality had stayed the same.

All of the ExploreZip variants spread as an e-mail attachment and activate by destroying Microsoft Office documents and source code files from infected computers and from local networks. The worm modifies an infected computer so that the worm will reply to unread e-mails, sending dummy e-mail replies with an infected attachment.

Sobig

Sobig is an e-mail and network worm, sending itself around as a PIF e-mail attachment. The worm has remote control functionality through which the virus writer can control infected computers.

Detailed technical descriptions of these worms as well as a screenshot of the Lirva virus activation circle routine are available in the F-Secure Virus Description database at http://www.f-secure.com/v-descs/.

F-Secure Corporation is a developer of centrally managed security solutions for the mobile enterprise. The company's award-winning, integrated anti-virus, file encryption and network security solutions for handhelds, laptops, desktops, servers, mail servers and firewalls provide centralized policy based management of widely dispersed user communities. Founded in 1988, F-Secure is listed on the Helsinki Stock Exchange (HEX: FSC). Corporate headquarters is in Helsinki, Finland with North American headquarters in San Jose, California. The company maintains offices in Germany, Japan, Sweden and the United Kingdom, and is supported by a network of VARs and distributors in more than 90 countries around the globe.