Si ce virus est exécuté, il désactivera la plupart des antivirus du marché et bien sur, se propagera à tout vos correspondants. L’autre particularité de ce programme malin est que si l’on est le 7, le 11 ou le 24 d'un mois au moment de l'infection, le virus ouvre la page Web de la chanteuse Avril Lavigne.
Titres de message :
• Fw: Prohibited customers...
• Re: Brigade Ocho Free membership
• Re: According to Daos Summit
• Fw: Avril Lavigne - the best
• Re: Reply on account for IIS-Security
• Re: ACTR/ACCELS Transcriptions
• Re: The real estate plunger
• Fwd: Re: Admission procedure
• Re: Reply on account for IFRAME-Security breach Fwd:
• Re: Reply on account for Incorrect MIME-header
Exemples de fichiers joints dont la taille est de 32 766 octets :
• Resume.exe
• Download.exe
• MSO-Patch-0071.exe
• MSO-Patch-0035.exe
• Two-Up-Secretly.exe
• Transcripts.exe
• Readme.exe
• AvrilSmiles.exe
• AvrilLavigne.exe
• Complicated.exe
• Singles.exe
• Sophos.exe
• Cogito_Ergo_Sum.exe
• CERT-Vuln-Info.exe
• Sk8erBoi.exe
• IAmWiThYoU.exe
Trois corps de messages sont possibles :
• "Avril fans subscription FanList admits you to take in Avril Lavigne 2003 Billboard awards ceremony Vote for I'm with you! Admission form attached below"• "Restricted area response team (RART) Attachment you sent to is intended to overwrite start address at 0000:HH4F To prevent from the further buffer overflow attacks apply the MSO-patch"
• "Microsoft has identified a security vulnerability in Microsoft® IIS 4.0 and 5.0 that is eliminated by a previously-released patch. Customers who have applied that patch are already protected and do not need to take additional action. Microsoft strongly urges all customers using IIS 4.0 and 5.0 who have not already done so to apply the patch immediately. Patch is also provided to subscribed list of Microsoft®Tech Support:"
