VID 24061
Severity 40
Port 10168,1192,20168
Protocol TCP
Class BackDoor
Detailed Description The backdoor of the W32.Lovgate worm appears to be installed on the system. The backdoor listens on one of TCP ports 10168, 1192, or 20168 and opens a command prompt on that port.
To spread itself, the worm attempts to reply to incoming email messages and to send itself to email addresses that it finds in HTML files. The subject and attachment of the incoming email are chosen from a predefined list. The attachment will have a .exe, .pif, or .scr file extension. W32.Lovgate also attempts to copy itself to all the computers on a local network, and then attempts to infect these computers. When W32.Lovgate is executed, it copies itself to all the network-shared folders and subfolders under any of the following names:

- Are you looking for Love.doc.exe
- autoexec.bat
- The world of lovers.txt.exe
- How To Hack Websites.exe
- Panda Titanium Crack.zip.exe
- Mafia Trainer!!!.exe
- 100 free essays school.pif
- AN-YOU-SUCK-IT.txt.pif
- Sex_For_You_Life.JPG.pif
- CloneCD + crack.exe
- Age of empires 2 crack.exe
- MoviezChannelsInstaler.exe
- Star Wars II Movie Full Downloader.exe
- Winrar + crack.exe
- SIMS FullDownloader.zip.exe
- MSN Password Hacker and Stealer.exe
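
For triage of a file-share listing, the following added example (not part of the original entry or of any scanner's own code) flags files whose name matches the list above, and generalizes beyond it to any decoy-plus-executable double extension. The `FS01` paths are constructed sample data, and the function names and the `DECOY_EXTS` set are assumptions of this example.

```python
import ntpath  # applies Windows path rules on any OS (UNC paths, backslashes)

# File names this entry lists for the worm's copies on shared folders.
LISTED_NAMES = {n.lower() for n in (
    "Are you looking for Love.doc.exe", "autoexec.bat",
    "The world of lovers.txt.exe", "How To Hack Websites.exe",
    "Panda Titanium Crack.zip.exe", "Mafia Trainer!!!.exe",
    "100 free essays school.pif", "AN-YOU-SUCK-IT.txt.pif",
    "Sex_For_You_Life.JPG.pif", "CloneCD + crack.exe",
    "Age of empires 2 crack.exe", "MoviezChannelsInstaler.exe",
    "Star Wars II Movie Full Downloader.exe", "Winrar + crack.exe",
    "SIMS FullDownloader.zip.exe", "MSN Password Hacker and Stealer.exe",
)}
EXEC_EXTS = {".exe", ".pif", ".scr"}           # extensions named in this entry
DECOY_EXTS = {".doc", ".txt", ".jpg", ".zip"}  # assumption: inner extensions seen in the list

def classify(path):
    """Return a reason string if the file name warrants review, else None."""
    name = ntpath.basename(path).strip().lower()
    if name in LISTED_NAMES:
        # A name match is an indicator only: autoexec.bat, for one,
        # is also a legitimate file name.
        return "listed-name"
    stem, ext = ntpath.splitext(name)
    if ext in EXEC_EXTS and ntpath.splitext(stem)[1] in DECOY_EXTS:
        # Document-looking name that actually ends in an executable extension.
        return "double-extension"
    return None

def scan(listing):
    """Return (path, reason) for every path in the listing that is flagged."""
    return [(p, r) for p in listing if (r := classify(p))]

# Constructed sample listing (hypothetical server and folders).
SAMPLE_LISTING = [
    r"\\FS01\public\Winrar + crack.exe",
    r"\\FS01\public\docs\SEX_FOR_YOU_LIFE.JPG.PIF",
    r"\\FS01\hr\holiday photos.jpg.scr",
    r"\\FS01\hr\budget.doc",
    r"\\FS01\tools\setup.exe",
    r"\\FS01\public\archive.tar.gz",
]

if __name__ == "__main__":
    for path, reason in scan(SAMPLE_LISTING):
        print(f"{reason:17} {path}")
```

A hit is a lead for an anti-virus scan of that file and host, not a verdict on its own.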

* References:
http://www.cert.org/advisories/CA-2003-08.html
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate@mm.html
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate.c@mm.html
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate.g@mm.html

* Platforms Affected:
Microsoft Windows Any version
Recommendation Remove it from the infected computer by using an anti-virus program (vaccine program).
If you do not have an anti-virus program installed, download and install one of these virus scanners:
Norton AntiVirus: http://www.symantec.com/downloads/
McAfee VirusScan: http://download.mcafee.com/default.asp
Trend Micro PC-Cillin: http://www.antivirus.com/pc-cillin/