X

Virus gets on board with Avril Lavigne

A new e-mail worm, dubbed Lirva, is successfully spreading by dropping the name of teen skate-punk singer Avril Lavigne.

Robert Lemos Staff Writer, CNET News.com
Robert Lemos
covers viruses, worms and other security threats.
See full bio
Robert Lemos
2 min read
She may just be a skater girl, but teen singer Avril Lavigne now has the dubious honor of having a successful computer virus pay homage to her.

A new e-mail worm--dubbed Avril, Lirva and Naith by various antivirus companies--not only spreads by hitching a ride on e-mail messages that may refer to the 17-year-old Lavigne, but when activated, will also open a browser to the singer's official Web site.

"It has really ramped up today," said John Harrington, marketing director for e-mail service provider MessageLabs. The company stopped fewer than 1,000 e-mail messages from carrying the virus to its customers Tuesday, and more than 9,000 today, he said. "Based on that, it appears that it is taking off."

The virus, which generally arrives as an e-mail attachment, can infect any PC running Microsoft's Windows operating system. Moreover, computers that haven't been updated in the last two years with the patch for an old Windows problem could be infected automatically, without the user doing anything but viewing the e-mail message. Computers running the Macintosh operating system and Linux are not affected.

When triggered, the mass-mailing worm attempts to disable most antivirus and security software that may be protecting a user's PC. Then the worm searches the Windows address book and various files for e-mail addresses and sends messages to each one with itself attached.

Some of the messages have Lavigne-related subject lines--such as "Fw: Avril Lavigne--CHART ATTACK!"--while others have one of nearly a dozen other subject lines unrelated to the singer. The body of the message and the file attachment name may or may not appear to be related to the singer, according to an advisory posted on the Web site of security software firm Symantec.

If the day of the month is 7, 11 or 24, the worm will open the default Web browser and attempt to connect to Avril Lavigne's official Web site.

While the code doesn't delete data, it will attempt to download a backdoor program from Kazakhstan and send any passwords to a Russian e-mail account.

The program also tries to spread using the chat programs ICQ and mIRC and places a randomly named copy of itself in a system's Kazaa folder, if the music file-swapping software has been installed.

Kevin Haley, group product manager at Symantec Security Response, said the company believes the worm will spread--but not significantly. "We expect to see it for a while, but it is not a big spike," he said. "Of course, things could change."

Lavigne has been nominated for five Grammy awards this year, including a nomination as best new artist. Lavigne joins other stars in gaining the attention of virus writers, including Anna Kournikova, Britney Spears, Jennifer Lopez and Shakira.