VID 24060
Severity 40
Port 139,445
Protocol TCP
Class BackDoor
Detailed Description Backdoor file(s) of the W32.Lovgate worm were detected in network-shared folders on the Windows system, which may have been infected by the worm.
To spread itself, the worm attempts to reply to incoming email messages and to email addresses that it finds in HTML files. The subject and attachment of the incoming email are chosen from a predefined list. The attachment will have a .exe, .pif, or .scr file extension. W32.Lovgate also attempts to copy itself to all the computers on a local network, and then attempts to infect these computers. The worm also has a backdoor Trojan capability.
When W32.Lovgate is executed, it copies itself to all the network-shared folders and subfolders as any of the following:

- Are you looking for Love.doc.exe
- autoexec.bat
- The world of lovers.txt.exe
- How To Hack Websites.exe
- Panda Titanium Crack.zip.exe
- Mafia Trainer!!!.exe
- 100 free essays school.pif
- AN-YOU-SUCK-IT.txt.pif
- Sex_For_You_Life.JPG.pif
- CloneCD + crack.exe
- Age of empires 2 crack.exe
- MoviezChannelsInstaler.exe
- Star Wars II Movie Full Downloader.exe
- Winrar + crack.exe
- SIMS FullDownloader.zip.exe
- MSN Password Hacker and Stealer.exe
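
An added example (not part of the original entry or of any scanner's own code): a file-name sweep of a mounted share and its subfolders for the names listed above. The function names, the confidence labels and the sample directory layout are assumptions constructed for illustration.

```python
import os
import tempfile

# File names from the list above; matching is case-insensitive because
# Windows file names are case-insensitive.
LOVGATE_NAMES = {n.lower() for n in [
    "Are you looking for Love.doc.exe", "autoexec.bat",
    "The world of lovers.txt.exe", "How To Hack Websites.exe",
    "Panda Titanium Crack.zip.exe", "Mafia Trainer!!!.exe",
    "100 free essays school.pif", "AN-YOU-SUCK-IT.txt.pif",
    "Sex_For_You_Life.JPG.pif", "CloneCD + crack.exe",
    "Age of empires 2 crack.exe", "MoviezChannelsInstaler.exe",
    "Star Wars II Movie Full Downloader.exe", "Winrar + crack.exe",
    "SIMS FullDownloader.zip.exe", "MSN Password Hacker and Stealer.exe",
]}
# autoexec.bat is also a legitimate DOS/Windows startup file name, so a hit
# on it alone is weaker evidence than a hit on any other listed name.
AMBIGUOUS = {"autoexec.bat"}


def scan_share(root):
    """Walk a mounted share; return sorted (confidence, relative path) hits."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            key = name.lower()
            if key in LOVGATE_NAMES:
                conf = "low" if key in AMBIGUOUS else "high"
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                hits.append((conf, rel.replace(os.sep, "/")))
    return sorted(hits)


def demo():
    """Build a constructed share layout with empty files and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs", "old"))
        for rel in ("docs/WINRAR + CRACK.EXE", "docs/old/autoexec.bat",
                    "docs/report.doc", "100 free essays school.pif"):
            open(os.path.join(root, *rel.split("/")), "w").close()
        return scan_share(root)


if __name__ == "__main__":
    for conf, path in demo():
        print(conf, path)
```

A name match only flags a file for review; confirmation still comes from the anti-virus scan described under Recommendation.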

* References:
http://www.cert.org/advisories/CA-2003-08.html
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate.c@mm.html
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate.g@mm.html

* Platforms Affected:
Microsoft Windows Any version
Recommendation Remove it from the infected computer by using an anti-virus program (vaccine program).
If you do not have an anti-virus program installed, download and install one of these virus scanners:
Norton AntiVirus: http://www.symantec.com/downloads/
McAfee VirusScan: http://download.mcafee.com/default.asp
Trend Micro PC-Cillin: http://www.antivirus.com/pc-cillin/