Yeah, I heard about this on the radio and instantly thought of Spike. Wonder if he's caught it yet

---

by Lori
Yeah, I heard about this on the radio and instantly thought of Spike. Wonder if he's caught it yet

---

If not him, me

oooh someone give me the virus please

---

by SPIKE
oooh someone give me the virus please

---

Knowing, from previous posts, that you run a anti-virus scanner you won't get it.

Most AV scanners (including the one you have) have already been updated to catch this.

The virus in question isn't destructive, but it isn't very nice... But then in my line of work I've yet to find one that is.

---

Description:



This memory-resident, mass-mailing worm propagates via email, mapped network-shared drives, Internet Relay Chat or IRC, ICQ and the peer-to-peer file-sharing network of Kazaa.

To propagate via email, it uses its own Simple Mail Transfer Protocol or SMTP engine to send itself to all target recipients listed in the infected system's Windows Address Book (WAB). It also gathers email recipients from files with the following extensions:

IDX
NCH
SHTML
TBB
HTM
WAB
MBX
DBX
The details of the email that it arrives with are as follows:

Subject: (any of the following)
Fw: Redirection error notification
Re: Brigada Ocho Free membership
Re: According to Purge's Statement
Fw: Avril Lavigne - CHART ATTACK!
Re: Reply on account for IIS-Security Breach (TFTP)
Re: ACTR/ACCELS Transcriptions
Re: IREX admits you to take in FSAU 2003
Fwd: Re: Have U requested Avril Lavigne bio?
Re: Reply on account for IFRAME-Security breach
Fwd: Re: Reply on account for Incorrect MIME-header
Re: Vote seniors masters - don't miss it!
Fwd: RFC-0245 Specification requested...
Fwd: RFC-0841 Specification requested...
Fw: F. M. Dostoyevsky "Crime and Punishment"
Re: Junior Achievement
Re: Ha perduto qualque cosa signora?

Message Body: (any of the following)

AVRIL LAVIGNE - THE BEST
Avril Lavigne's popularity increases:
SO: First, Vote on TRL for I'm With U!
Next, Update your pics database!
Chart attack active list.
Orginal Message:

Or

Network Associates weekly report:
Microsoft has identified a security vulnerability in MicrosoftIIS 4.0 and 5.0 that is eliminated by a previously-released patch.
Customers who have applied that patch are already protected against the vulnerability and do not need to take additional action.
Microsoft strongly urges all customers using IIS 4.0 and 5.0 who have not already done so to apply the patch immediately.
Patch is also provided to subscribed list of Microsoft Tech Support:

Or

AVRIL LAVIGNE - THE CHART ATTACK!
Vote fo4r Complicated!
Vote fo4r Sk8er Boi!
Vote fo4r I'm with you!
Chart attack active list:

Or

Restricted area response team (RART)
Attachment you sent to is intended to overwrite start address at 0000:HH4F
To prevent from the further buffer overflow attacks apply the MSO-patch

Attachment: (any of the following)
Resume.exe
ADialer.exe
MSO-Patch-0071.exe
MSO-Patch-0035.exe
Two-Up-Secretly.exe
Transcripts.exe
Readme.exe
AvrilSmiles.exe
AvrilLavigne.exe
Complicated.exe
TrickerTape.exe
Sophos.exe
Cogito_Ergo_Sum.exe
CERT-Vuln-Info.exe
Sk8erBoi.exe
IAmWiThYoU.exe
Phantom.exe
EntradoDePer.exe
SiamoDiTe.exe
BioData.exe
ALavigne.exe

It does not require the email receiver to open the attachment for it to execute. It exploits a vulnerability in Internet Explorer-based email clients to execute the file attachment automatically, known as Automatic Execution of Embedded MIME type.

More information about this vulnerability is available at MicrosoftÂ’s Security Bulletin.

This malware also retrieves cached passwords and sends them to a specific email address. It is also capable of terminating certain antivirus programs.

Upon execution, this malware may terminate the Explorer process, thus hiding the taskbar and desktop icons.

On the 7th, 11th and 24th of every month, it opens the default browser to www.avril-lavigne.com and displays shapes and text message on screen.

The UPX-compressed worm runs on Windows 95, 98 and ME while the uncompressed file runs on Windows 95, 98, ME, NT, 2000 and XP.

---

---

by gobstopper
(quotes)


The virus in question isn't destructive, but it isn't very nice... But then in my line of work I've yet to find one that is.

(quotes)

---

yeah but its got a cool name and every month it takes you to her official website when you log onto the net. Not many other viruses have good qualities too.

Looks like this one slipped through our workplace today as we had something called complicated.exe popping up.

Hopefully its ok, but on reading the above it never showed up as a virus which is unusual cause the AV is normally bang up to date at work.

---

by gobstopper
This memory-resident, mass-mailing worm...

---

Now that's not a nice way to describe Avril...

---

by PictureOfFlowers
(quotes)

Now that's not a nice way to describe Avril...

---

Oi!!! *slap*

---

by PictureOfFlowers
(quotes)

Now that's not a nice way to describe Avril...

---

But it is pretty accurate