p2pnet.net News:- Lovgate? That’s going back a while. February 2003, to be precise. But this ‘retro worm,’ as ITWorldCanada describes it, is around again.

Lovgate is a mass mailing and network worm with a backdoor component.

“Apart from the mass mailing functionality this worm can spread through windows shares and steal users’ passwords,” says F-Secure. It also has backdoor capabilities listening in the port 10168, allowing the attacker to perform different actions on the infected machine.

Lovgate.AE and Lovgate.AH are now infecting PCs globally, says ITWorldCanada, going on that the retro arrival, seen as ‘medium risk’ by some security firms, targets Windows apps and will disable antivirus software and security applications on an infected system.

“What this worm does … is it responds automatically to e-mail sent and attaches itself in the reply,” Jeffrey Posluns, chief innovation officer at Toronto-based IT security provider WhiteHat is quoted as saying. “It is a much more likely mechanism to have the recipient of the e-mail open the attachment. The inherent paranoia usually related to attachments is diminished because it is a reply to an e-mail sent.”

He also points out that by modifying an existing e-bug, virus writers can save time: “Most virus writers will modify the virus just enough so that antivirus definitions will not be able to pick them up.”

This entry was posted on Friday, July 9th, 2004 at 6:32 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

HOME

Viewed 1654 times