Weekly Virus Report – Six Worms, a trojan and an MS-DOS Virus

Today’s virus report focuses on six worms -Lirva, Lirva.B, Lirva.C, ExploreZip.N, Lentin.M and Sobig-, a Trojan called Trj/Pornspa.D and an MS-DOS virus called Peito.

Without a doubt the virus that has had the biggest impact this week is the Lirva worm – of which two variants, B and C, have also emerged-. Shortly after appearing, Lirva had already reached third place in the ranking of the viruses most frequently detected by Panda ActiveScan, Panda Software’s free, online antivirus solution.

Lirva spreads rapidly via e-mail, the file- sharing program, KaZaA, the chat applications IRC and ICQ and shared network drives. It is also automatically activated when the message carrying the worm is viewed in Outlook’s Preview Pane. It does this by exploiting a known vulnerability in versions 5.01 and 5.5 of the Microsoft browser Internet Explorer.

Lirva ends many processes in affected computers and steals passwords, which it then sends out to a certain e-mail address. The B and C variants are very similar to the original worm; the main differences being aspects like the size of the file carrying the malicious code.

The fourth worm in today’s virus report is Lentin.M, which reaches computers in an e-mail message with variable characteristics. Lentin.M spreads rapidly and ends many processes in affected computers, causing programs, including antivirus solutions and firewalls, to stop.

The ExploreZip.N worm reaches computers in an e-mail message with an attached file called ZIPPED_FILES. It modifies files created with programs like Word, Excel and Power Point and deletes the content of files with the following extensions: DOC, XLS, PPT, C, CPP, H and ASP.

The final worm we will look at today is Sobig, which spreads to other computers through the usual means of transmission used by viruses. This worm affects Windows computers and is 65,536 bytes in size.

The seventh malicious code in today’s virus report is Pornspa.D, a dialer Trojan that establishes a connection with a toll phone line. It is easy to know if this virus has infected a computer, as it displays an icon in the Windows system tray and creates a shortcut to a file called DATEMAKERSPAIN.EXE on the Desktop.

We are going to close this week’s virus report with Peito, a virus that displays different messages on screen whenever it activates. On certain occasions, selected randomly by the virus, it carries out its most dangerous action: it deletes the content of the hard drive by reformatting the C: drive.




Share this