Avril Worm May Make Things Complicated

Anti-virus firm Sophos Wednesday warned of a new
mass-mailing worm that pays tribute to Canadian pop singer Avril Lavigne.

An alert from Lynnfield, Mass.-based Sophos said the Avril/Livra (W32/Avril-A) worm was found in the wild piggybacking on known iFrame vulnerabilities in Microsoft Outlook.

Once executed, the worm opens the user’s IE browser on the official Avril
Lavigne Web site on the 7th, 11th and 24th of the month, Sophos said. The
worm uses the iFrames bug in Outlook to forward itself to all e-mail
addresses in Outlook, regardless of whether the e-mail attachment is opened
or not.

Microsoft has already patched the Outlook hole (download fix here).

The ‘Avril’ worm uses the subject line “Fw: Avril Lavigne – the best”.
Once the attachment is run, Sophos said, the worm attempts to
disable the user’s anti-virus software and takes over the infected screen
with a series of colored ellipses. It also searches for e-mail addresses in
all HTML files on an infected system and sends copies of itself to those
addresses.

System admins are urged to update corporate anti-virus software to detect
and intercept the worm, and Sophos suggested that all Windows programs be
blocked at corporate e-mail gateways. “Some e-mail applications can be configured to do
this. It is rarely necessary to allow users to receive programs via email.
There is so little to lose, and so much to gain, simply by blocking all
mailed-in programs, regardless of whether they contain viruses or not,”
Sophos said.
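
One way a mail gateway could apply the block-all-programs advice above, shown as an added example (not Sophos's code or part of the original article). The function names, the extension list and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Illustrative (not exhaustive) extensions that Windows will run as programs.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs"}


def find_program_attachments(raw_message: bytes):
    """Return (filename, reason) for each MIME part that looks like a program."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").strip()
        ext = PurePosixPath(name.lower()).suffix  # last suffix: a.jpg.exe -> .exe
        payload = part.get_payload(decode=True) or b""
        if ext in BLOCKED_EXTENSIONS:
            hits.append((name, "blocked extension " + ext))
        elif part.get_content_maintype() != "text" and payload[:2] == b"MZ":
            # DOS/PE executables start with "MZ", whatever the file is called.
            hits.append((name or "<unnamed>", "MZ executable header"))
    return hits


def gateway_verdict(raw_message: bytes) -> str:
    """Policy from the quote: reject any mailed-in program, infected or not."""
    return "REJECT" if find_program_attachments(raw_message) else "ACCEPT"


def build_sample(filename: str, data: bytes) -> bytes:
    """Constructed test message; the attachment name and bytes are made up."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Fw: Avril Lavigne – the best"
    msg.set_content("See attachment.")
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for fname, data in [("avril.jpg.exe", b"MZ\x90\x00"),
                        ("song.mp3", b"MZ\x90\x00"),
                        ("notes.txt", b"plain text")]:
        raw = build_sample(fname, data)
        print(fname, gateway_verdict(raw), find_program_attachments(raw))
```

The header check catches a program that has been renamed to a harmless-looking extension, which a filename-only rule would let through.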

It’s not the first time virus writers have targeted pop stars or
celebrities with e-mail worms. In the past, viruses have used the names of
singer/actress Jennifer Lopez, tennis player Anna Kournikova and even former
president Bill Clinton.
