A new Lovgate variant going around
Posted by Mikko @ 19:08 GMT

We've received some isolated reports of Lovgate.AE, but not enough to raise a Radar Alert about it. This is yet another Lovgate variant, spreading over email, Windows shares and the old RPC DCOM vulnerability. It installs a backdoor which can be used by the virus author to control all the infected machines.

The email replication part is nasty, as the virus tries to reply to all unread messages in the Outlook inbox and then delete them, before the user has a chance to see them. It might append a poem from Rudyard Kipling to the replies it generates. The virus also renames all .EXE files to .ZMX, making recovery a bit laborious.

This variant is also known as Lovgate.AD and Lovgate.Y, depending on the vendor. We detect it as I-Worm.Lovgate.ae.
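
For the .EXE to .ZMX renaming described above, the following is an added example (not code from this weblog or from any F-Secure tool) of a dry-run recovery planner to use after the machine has been disinfected. The function names and the sample files are hypothetical, and it assumes the files were only renamed, so a genuine candidate still starts with the `MZ` executable header.

```python
import os
import tempfile

def plan_zmx_recovery(root):
    """Walk root and classify every .ZMX file; nothing is renamed here (dry run)."""
    plan = {"restore": [], "collision": [], "not_pe": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() != ".zmx":
                continue
            src = os.path.join(dirpath, name)
            dst = os.path.join(dirpath, stem + ".exe")
            with open(src, "rb") as fh:
                magic = fh.read(2)
            if magic != b"MZ":
                plan["not_pe"].append(src)            # not a renamed executable
            elif os.path.exists(dst):
                plan["collision"].append((src, dst))  # name is taken: inspect that file first
            else:
                plan["restore"].append((src, dst))
    return plan

def apply_plan(plan):
    """Rename only the unambiguous entries; collisions stay for manual review."""
    done = []
    for src, dst in plan["restore"]:
        if not os.path.exists(dst):  # re-check, state may have changed since planning
            os.rename(src, dst)
            done.append(dst)
    return done

def build_sample_tree():
    """Constructed sample directory standing in for an affected disk."""
    root = tempfile.mkdtemp(prefix="zmx_demo_")
    samples = {
        "notepad.ZMX": b"MZ\x90\x00constructed sample",
        "calc.zmx": b"MZ\x90\x00constructed sample",
        "calc.exe": b"MZ\x90\x00unknown file holding the original name",
        "notes.zmx": b"plain text, not an executable",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    print(plan_zmx_recovery(build_sample_tree()))
```

Entries reported under `collision` are never overwritten: an .EXE already sitting at the original name should be scanned before it is trusted or replaced.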