| |
 |
PRESS
RELEASE
Lysaker, 9 January 2003
Norman warns against network and mass-mailer worm Lirva.C
|
|
The data security company Norman ASA now warns against the network and mass-mailer worm W32/Lirva.C@mm, this worm is similar to the W32/Lirva.A worm raised to high virus risk by Norman yesterday. We have reports that the W32/Lirva.C has increased rapidly the last hours.
In contrast to its predecessor, W32/Lirva.A, The Lirva.C worm attempts to download a backdoor program from free web accounts at web host in Kazakhstan. Thanks to prompt action from the website owner these pages are now down. In addition, the worm will find the cached passwords on the infected computer and attempt to email these to the author.
The worm enumerates and kills processes belonging to some anti-virus and firewall programs. This put the user in a serious situation since protection no longer will be available.
When the worm spreads via email the user(s) may be infected by only previewing or opening the mail in Outlook/Outlook Express. This is accomplished using a known security hole "Incorrect MIME Header Can Cause IE to Execute E-mail Attachment".Information and patch is available from:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/ security/bulletin/MS01-020.asp
The security hole is a known issue with Internet Explorer versions 5.01 and 5.5 without SP2 . Users who have this configuration should apply the available patch.
Norman's customers have been protected since 7. January by the
W32/ Lirva.A@mm
variant. The worm W32/Lirva.C@mm is detected and removed using definition files released Jan 9th 2003.
We will continue to follow the current situation carefully.
Users are encouraged to update their Norman Virus Control protection to the most recent version.
For more detailed Information about this threat visit: www.norman.com
For further
information, please contact
SAV25
Data Systems
|
|
More
Press Release here |
|
|
|
