Avril Lavigne Virus Hits the Web | eWeek

Avril Lavigne Virus Hits the Web

Écrit par
Dennis Fisher
Dennis Fisher
Jan 8, 2003
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Its been a big week for teen pop singer Avril Lavigne; first she garnered five Grammy nominations and now she has a virus named after her.

A new worm—going by various names, including Avril, Lirva and Naith—is infecting machines in the United States and abroad. In addition to forcing users to visit Lavignes Web site, the worm continues a recent trend among viruses by attempting to disable various anti-virus and firewall products on infected machines.

The worm searches each PCs hard drive for HTML files that may contain e-mail addresses and then uses its own built-in SMTP (simple mail transfer protocol) engine to send copies of itself to whatever addresses it finds. However, initial analyses have found that there may be an error in the code that prevents some copies of the outgoing message from being sent.

The virus exploits a nearly two-year-old vulnerability that can force Microsoft Internet Explorer to execute some e-mail attachments without the users intervention. The worm appears to only infect Windows machines running Microsoft Outlook and mails copies of itself to all of the names in the infected machines Outlook address book.

The text of the e-mail containing the virus is a poor, mistake-filled imitation of a security bulletin from Microsoft Corp. It reads, in part:

“Patch is also provided to subscribed list of Microsoft Tech Support: to apply the patch immediately. Microsoft strongly urges all customers using IIS 4.0 and 5.0 who have not already done so and do not need to take additional action. Customers who have applied that patch are already protected against the vulnerability that is eliminated by a previously-released patch. Microsoft has identified a security vulnerability in Microsoft IIS 4.0 and 5.0. To prevent from the further buffer overflow attacks apply the MSO-patch.”

MessageLabs Ltd., a British MSP that tracks virus activity, said it has stopped more than 5,000 copies of the virus since Monday. So far, the Lirva worm has shown up in more than 40 countries.

The subject line and attachment name are random.

Its becoming somewhat of a rite of passage for teen idols to have their names attached to a virus. Tennis player Anna Kournikova, singer Britney Spears and singer/actress Jennifer Lopez are three of the celebrities who have had viruses named after them.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.