The Web    Google
7/29: Lovgate-AK a Mass-Mailing Worm

7/29: Lovgate-AK a Mass-Mailing Worm
July 29, 2004

W32.Lovgate.AK@mm is a variant of W32.Lovgate.W@mm. It performs the following functions:

  • Attempts to reply to all the email messages in the Microsoft Outlook inbox.
  • Scans files that have the .txt, .pl, .wab, .adb, .tbb, .dbx, .asp, .php, .sht, and .htm extensions for email addresses.
  • Uses its own SMTP engine to send itself to the addresses that it finds.
  • Attempts to copy itself to Kazaa-shared folders and all the computers on a local network.

    The From line of the email is spoofed and the Subject and the Message vary. The attachment name also varies, with a .bat, .cmd, .exe, .pif, or .scr file extension. The worm may also send a .zip file containing the attachment.

    This threat is written in the C++ programming language and is compressed with JDPack, ASPack, and UPX.

    Technical details are at Symantec page.

  • 1/14: Mugly-F Worm Uses Own SMTP Engine
  • Bagle-AA Moves Maliciously into 3rd Place
  • Macromedia, RealNetworks Release Patches
  • More Headaches for Sendmail
  • Cisco Warns of Voice Product Security Flaws
  • Fed Security Systems Receive Failing Grades
  • 1/11: Agobot-OV Worm Connects to IRC Server
  • 9/24: Adware-LesToolbar an Adware Program
  • 12/27: Worm_Santy-F Targets phpBB Applications
  • Trolling For Anti-Phishing Laws
  • SQL Server Security Checklist
  • Computer security background information