
It's not a biggy... not yet anyway...
Published: 24 February 2003 16:26 GMT
Anti-virus vendors are warning internet users to look out for yet another worm - the second to strike this month.
Called Lovgate, the worm has three variants (A, B and C) and is slightly harder to spot than the earlier 'Catherine Zeta Jones' malware, because the emails carrying it use random subject lines and attachments with a range of file names.
From the copies so far intercepted, the email body text may contain the words, "I'll try to reply as soon as possible. Take a look to the attachment and send me your opinion!"
The attachment is written in Microsoft Visual C/C++, packed with ASPack and 78,848 bytes in size, according to anti-virus specialist MessageLabs. Attachment file names seen so far include: BILLGT.EXE, CARD.EXE, DOCS.EXE, FUN.EXE, HAMSTER.EXE, HUMOR.EXE, IMAGES.EXE, JOKE.EXE, MIDSONG.EXE, NEWS_DOC.EXE, PICS.EXE, PSPGAME.EXE, S3MSONG.EXE, SEARCHURL.EXE, SETUP.EXE, TAMAGOTXI.EXE.
According to the company's initial analysis, Lovgate is a mass-mailing worm that incorporates an SMTP engine and a backdoor component.
In a statement released this morning, MessageLabs said that although the worm contains its own SMTP engine, it attempts to connect to a host on the internet (SMTP.163.COM) to deliver its email rather than sending directly. Once active, it may also reply to any messages it finds in the victim's inbox, attaching a copy of itself to each reply.
MessageLabs added that the worm also appears to harvest passwords from the infected machine, which may then be emailed to a number of addresses.
According to Trend Micro, a notification message is sent to two addresses: 54love@fescomail.net and hacker117@163.com. This notification message is present in both WORM_LOVGATE.B and WORM_LOVGATE.C, suggesting that both variants have been created by the same virus author. The two email addresses belong to a network in Beijing, China.
The backdoor component may open TCP port 10168, allowing the machine to be controlled remotely. The worm may also spread via network shares.
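The indicators reported above (the fixed body phrase, the list of attachment names, the 78,848-byte attachment, the SMTP.163.COM relay and the listening port 10168) are enough to write a first-pass triage filter. The script below is an added example, not code from the article or from MessageLabs, Trend Micro or Sophos: it scores an RFC 822 message against the mail-side indicators and scans a connection log for the network-side ones. The sample message, the log line format and the "MZ" header check are assumptions made for the demonstration and do not come from the article.

```python
"""Heuristic triage for the Lovgate indicators reported above.

Added example; not code from MessageLabs, Trend Micro or Sophos.  The
indicators (attachment names, body phrase, 78,848-byte attachment, the
SMTP.163.COM relay, TCP port 10168) are taken from the article; the
sample message and log lines are constructed for the demonstration.
"""
import email
from email import policy
from email.message import EmailMessage

# Attachment names reported for the Lovgate mailer.
LOVGATE_NAMES = {
    "BILLGT.EXE", "CARD.EXE", "DOCS.EXE", "FUN.EXE", "HAMSTER.EXE",
    "HUMOR.EXE", "IMAGES.EXE", "JOKE.EXE", "MIDSONG.EXE", "NEWS_DOC.EXE",
    "PICS.EXE", "PSPGAME.EXE", "S3MSONG.EXE", "SEARCHURL.EXE", "SETUP.EXE",
    "TAMAGOTXI.EXE",
}
BODY_PHRASE = "Take a look to the attachment and send me your opinion!"
ATTACHMENT_SIZE = 78848        # bytes, per MessageLabs
BACKDOOR_PORT = 10168          # TCP port the backdoor may open
RELAY_HOST = "smtp.163.com"    # host the worm tries to deliver mail through


def lovgate_indicators(raw: bytes) -> list[str]:
    """Return the Lovgate indicators found in one RFC 822 message as tags.

    An empty list means nothing matched.  Several tags together are a much
    stronger signal than any one alone: SETUP.EXE is a common legitimate
    name, but SETUP.EXE plus the body phrase plus the exact size is not.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and BODY_PHRASE in body.get_content():
        hits.append("body-phrase")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").upper()
        payload = part.get_payload(decode=True) or b""
        if name in LOVGATE_NAMES:
            hits.append(f"name:{name}")
        if len(payload) == ATTACHMENT_SIZE:
            hits.append("size-78848")
        # Assumption beyond the article: a Win32 executable begins with the
        # "MZ" DOS stub, so an .EXE attachment that carries it is a real
        # program rather than a renamed document.
        if name.endswith(".EXE") and payload[:2] == b"MZ":
            hits.append("pe-attachment")
    return hits


def suspicious_connections(lines: list[str]) -> list[str]:
    """Flag connection-log lines showing the backdoor port or the relay host.

    Line shape is constructed for this example: '<host> <dir> <peer> <port>'
    with <dir> LISTEN for a listening socket or OUT for an outbound connect.
    """
    flagged = []
    for line in lines:
        fields = line.split()
        if len(fields) != 4:
            continue
        _host, direction, peer, port = fields
        if direction == "LISTEN" and port == str(BACKDOOR_PORT):
            flagged.append(line)
        elif direction == "OUT" and peer.lower() == RELAY_HOST and port == "25":
            flagged.append(line)
    return flagged


def build_sample() -> bytes:
    """Construct a message carrying the reported indicators (sample data)."""
    m = EmailMessage()
    m["From"] = "alice@example.net"
    m["To"] = "bob@example.net"
    m["Subject"] = "Re: your report"        # subjects vary; not an indicator
    m.set_content("I'll try to reply as soon as possible. " + BODY_PHRASE)
    m.add_attachment(b"MZ" + b"\0" * (ATTACHMENT_SIZE - 2),
                     maintype="application", subtype="octet-stream",
                     filename="PICS.EXE")
    return m.as_bytes()


# Constructed log lines: one listener on the backdoor port, one relay
# attempt, and one ordinary outbound SMTP connection that must not match.
SAMPLE_LOG = [
    "ws17 LISTEN 0.0.0.0 10168",
    "ws17 OUT smtp.163.com 25",
    "ws17 OUT mail.example.net 25",
]

if __name__ == "__main__":
    print(lovgate_indicators(build_sample()))
    print(suspicious_connections(SAMPLE_LOG))
```

Because the worm randomises subject lines, the filter deliberately ignores the Subject header and relies on the body phrase, the attachment name and the attachment size; a single hit on a common name such as SETUP.EXE should be treated as weak until a second indicator lines up with it.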
The worm has affected around 300 users to date, most of whom were based in Asia, according to Trend Micro. MessageLabs says that it was first seen in the US, and is most active in Belgium, South Africa and the US.
Sophos has published more information on the worm.
Copyright © 2008 CBS Interactive Limited. All rights reserved.