Wednesday, May 19, 2004

W32/Lovgate.ab@MM - Mass Mailer Worm

Like its predecessors, W32/Lovgate.ab@MM is a Medium Risk mass-mailing worm delivered inside an email attachment that, when run:

Drops a dangerous backdoor on an infected machine that can allow a remote hacker to steal information.

Infects executable programs.

Tries to disable anti-virus and security software.

Emails itself a) to stolen contacts or b) as replies to unread MS Outlook or Outlook Express messages on the infected machine, spoofing the "From:" field.

Note: McAfee VirusScan proactively detects and blocks W32/Lovgate.ab@MM's backdoor component (BackDoor-AQJ).

Up-to-date McAfee VirusScan users with DAT 4361 are protected from this threat.


WHAT TO LOOK FOR:

FROM: Varies (forged addresses taken from infected system).

SUBJECT: Re: (original subject)

BODY: Varies.

ATTACHMENT: The worm may be attached with one of the following file extensions:
EXE
SCR
PIF
CMD
BAT
When replying to unread Outlook or Outlook Express messages, the worm may be attached with a variety of filenames. Examples:
the hardcore game-.pif
Sex in Office.rm.scr
Deutsch BloodPatch!.exe
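
The attachment indicators above can be checked at a mail gateway or in triage. The following is an added example, not part of the original advisory or any vendor's code: it parses a message and reports attachments whose final extension is one of the five listed, marking names that hide it behind a second extension. The function names and the sample message are constructed for illustration.

```python
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Extensions the advisory lists for the worm's attachment.
BLOCKED_EXTENSIONS = {"exe", "scr", "pif", "cmd", "bat"}


def risky_attachments(raw_message: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for each attachment with a listed extension."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so strip them before checking.
        cleaned = name.strip().rstrip(". ").lower()
        pieces = cleaned.split(".")
        if len(pieces) < 2 or pieces[-1] not in BLOCKED_EXTENSIONS:
            continue
        # A name such as "x.rm.scr" shows a harmless-looking type before the real one.
        reason = "double extension" if len(pieces) > 2 else "executable extension"
        findings.append((name, reason))
    return findings


def build_sample(filenames: list[str]) -> bytes:
    """Constructed test message: a reply-style subject with dummy attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "Re: meeting notes"
    msg.set_content("constructed sample body")
    for fn in filenames:
        msg.add_attachment(b"placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=fn)
    return msg.as_bytes()


if __name__ == "__main__":
    sample = build_sample(["the hardcore game-.pif", "Sex in Office.rm.scr",
                           "Deutsch BloodPatch!.exe", "report.pdf"])
    for filename, reason in risky_attachments(sample):
        print(f"{reason}: {filename}")
```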