The Web    Google
7/29: Lovgate-AK a Mass-Mailing Worm

7/29: Lovgate-AK a Mass-Mailing Worm
July 29, 2004

W32.Lovgate.AK@mm is a variant of W32.Lovgate.W@mm. It performs the following functions:

  • Attempts to reply to all the email messages in the Microsoft Outlook inbox.
  • Scans files that have the .txt, .pl, .wab, .adb, .tbb, .dbx, .asp, .php, .sht, and .htm extensions for email addresses.
  • Uses its own SMTP engine to send itself to the addresses that it finds.
  • Attempts to copy itself to Kazaa-shared folders and all the computers on a local network.

    The From line of the email is spoofed and the Subject and the Message vary. The attachment name also varies, with a .bat, .cmd, .exe, .pif, or .scr file extension. The worm may also send a .zip file containing the attachment.

    This threat is written in the C++ programming language and is compressed with JDPack, ASPack, and UPX.

    Technical details are at Symantec page.

  • How Long Must You Wait for an Anti-Virus Fix?
  • 4/6: Mydoom-AJ Worm Uses Email
  • Virus Alert: Worm Spreads Via Hidden System Shares
  • Virus-Powered Phishing Unleashed
  • 9/7: Rbot-FL a Network Worm, Backdoor Trojan
  • 1/5: Rbot-SQ Worm Has Backdoor Abilities
  • 4/5: Mytob-W Worm Takes Remote Orders
  • 6/28: Rbot-CA Allows Remote Access
  • A case study in security incident forensics and response.
  • AntiOnline Spotlight: Network Security Made Easy?
  • Biometrics Makes Passwords Positively Paltry
  • Security Camera Related Information