Network Assoc fights back Lovegate

By : |February 26, 2003 0



MUMBAI: Anti-Virus Emergency Response Team (AVERT), the anti-virus research
division of Network Associates, Inc., has assigned a medium on watch risk assessment to the recently discovered W32/LOVGATE@M, also known as Lovegate.

It replies to messages in the user’s Outlook or Outlook Express inbox. In addition, this worm has a backdoor Trojan component that could enable the attacker to gain remote access into infected systems.

It was first discovered on February 23, 2003 and has been found worldwide, most notably in the UK, Germany, throughout Europe and in Asia Pacific.

Users would not immediately realize they have been infected. Because Lovegate spreads via open network shares, the worm will copy itself to folders and subfolders using the following filenames: fun.exe, images.exe, news_doc.exe, s3msong.exe, pics.exe, billgt.exe, midsong.exe, PsPGame.exe, hamster.exe, setup.exe, tamagotxi.exe, joke.exe, docs.exe, searchurl.exe, card.exe, pics.exe, etc.

Lovegate also drops a 77,824 byte file Trojan component with the file names ILY.DLL, 1.DLL, REG.DLL, TASK.DLL, and opens a backdoor to port 10168 con the computer and would send an email notification to the hacker that the computer has been compromised.

Immediate information and cure for this virus can be found online at the Network Associates AVERT site. Users of McAfee Security anti-virus products should update their systems from that page and use the 4249 DAT files to stop potential damage.

No Comments so fars

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.