1. /
  2. Security Response/
  3. W32.HLLW.Lovgate.C@mm

W32.HLLW.Lovgate.C@mm

Risk Level 2: Low

Discovered:
February 24, 2003
Updated:
February 13, 2007 11:43:24 AM
Also Known As:
WORM_LOVGATE.C [Trend], Win32/Lovgate.C@mm [RAV], W32/Lovgate.c@M [McAfee], I-Worm.Supnot.c [KAV], W32/Lovgate-B [Sophos], Win32.Lovgate.C [CA]
Type:
Worm
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

NOTE: As of February 28, 2003, due to a decreased rate of submissions, Symantec Security Response has downgraded this threat from a Category 3 to a Category 2.

W32.HLLW.Lovgate.C@mm is a variant of W32.HLLW.Lovgate@mm. This worm contains mass-mailing and backdoor functionalities.

To spread itself, the worm attempts to reply to incoming messages when they arrive in the mailbox of certain MAPI-compliant email clients, including Microsoft Outlook. W32.HLLW.Lovgate.C@mm does this in an effort to emulate the auto-reply function of the email client, as well as to lure those who sent the original messages to the infected computer into opening the returned messages.

There are no major functionality differences between this variant and W32.HLLW.Lovgate@mm. This particular variant appears to have been recompiled with a different compiler, and then packed with the same run-time compression utility as W32.HLLW.Lovgate@mm.

NOTE: Definitions dated February 23, 2003 detect this threat as W32.HLLW.Lovgate@mm. Definitions dated February 24, 2003 or later will detect this threat as W32.HLLW.Lovgate.C@mm.

Antivirus Protection Dates

  • Initial Rapid Release version February 24, 2003
  • Latest Rapid Release version April 6, 2013 revision 022
  • Initial Daily Certified version February 24, 2003
  • Latest Daily Certified version April 7, 2013 revision 007
  • Initial Weekly Certified release date February 24, 2003
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 50 - 999
  • Number of Sites: More than 10
  • Geographical Distribution: Medium
  • Threat Containment: Easy
  • Removal: Moderate

Damage

  • Damage Level: Medium

Distribution

  • Distribution Level: High
Writeup By: Tony Conneff

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report, Volume 17
Symantec DeepSight Screensaver