Latest Lovgate wreaking havoc
Published: 8 July 2004 09:10 GMT
The latest variant of the Lovgate worm scans PCs for executable files and then renames them, a tactic used by viruses from a much older generation, according to antivirus companies.
The Lovgate worm first appeared in February 2003 and has since mutated many times. The most recent versions of the worm - Lovgate.AE and Lovgate.AH - were discovered on Sunday. They spread by emailing themselves to addresses found on an infected machine and then open a "back door" to give control of the infected system to an attacker. Finally, the worms scan for vulnerable PCs connected to the infected system's local network - using the same Windows vulnerability exploited by the MSBlast worm almost a year ago.
The most important difference is the worm's destructive nature. Although the latest Lovgate worm does not delete any user data - such as documents or spreadsheets - it replaces executable files (with the .exe extension) on the local hard drive with further copies of itself. This process can leave an infected computer effectively useless because it is unable to run any applications.
Carole Theriault, security consultant at antivirus firm Sophos, said the latest Lovgates are "ancient-style viruses" because they are so destructive.
"Five years ago this was the main way viruses spread - they got in a system and changed everything, leaving the victim with a useless piece of kit that needed to be restored using a back-up," said Theriault.
Finnish antivirus firm F-Secure warned that Lovgate is capable of destroying most of the executable files on an infected computer.
"The virus might do this renaming operation to hundreds of .exe files in one go. The end result is that instead of finding one or two infected files, the user will find masses of them. With Lovgate, this is normal," the company reported on its labs web log.
Antivirus firm McAfee's Emergency Response Team increased the threat level of the new Lovgate variants to "medium" after discovering more than 100 samples of the worm within the first 24 hours of its discovery.
As ever, users are advised not to open email attachments unless they are absolutely sure they are safe and to ensure Windows and other applications are kept up to date with the latest patches.
Munir Kotadia writes for ZDNet UK
As a Linux administrator your duties will include but not be limited to: Set-up files storage with the proper permissions Provide security and ...
Visual Files Developer / Visualfiles Development - Northwest Salary: Good DOE Location: Northwest Position Type: Permanent Superb opportunity within ...
My client is looking for a Visual Files Developer to work on an ongoing project for 6 months. You will be able to demonstrate several years ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Clive Longbottom Windows 7: Not perfect - but ready for prime time Microsoft's latest OS fixes most of Vista's ills - but still has challenges ahead
Stephen Kleynhans Mind the details with Windows 7 Just because it might work better than Vista, it doesn't mean you can be sloppy