1. /
  2. Security Response/
  3. W32.Lovgate.W@mm

W32.Lovgate.W@mm

Risk Level 2: Low

Discovered:
May 17, 2004
Updated:
February 13, 2007 12:23:09 PM
Also Known As:
W32/Lovgate.ab@MM!2 [McAfee], I-Worm.LovGate.ac [Kaspersky]
Type:
Worm
Systems Affected:
Windows 2000, Windows NT, Windows Server 2003, Windows XP


W32.Lovgate.W@mm is a variant of W32.HLLW.Lovgate@mm that:
  • Attempts to reply to all the email messages in the Microsoft Outlook inbox.
  • Scans files with .txt, .pl, .wab, .adb, .tbb, .dbx, .asp, .php, .sht, and .htm extensions for email addresses and uses its own SMTP engine to send itself to the address it finds.
  • Attempts to copy itself to Kazaa shared folders and all computers on a local network.

The From line of the email is spoofed and the Subject and Message vary. The attachment also name varies, with a .bat, .cmd, .exe, .pif, or .scr file extension. The worm may also send a .zip file containing the attachment.

This threat is written in the C++ programming language and is compressed with JDPack and ASPack.

Antivirus Protection Dates

  • Initial Rapid Release version May 18, 2004
  • Latest Rapid Release version May 10, 2011 revision 052
  • Initial Daily Certified version May 18, 2004
  • Latest Daily Certified version May 11, 2011 revision 002
  • Initial Weekly Certified release date May 18, 2004
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Moderate
  • Removal: Moderate

Damage

  • Damage Level: Medium

Distribution

  • Distribution Level: High
Writeup By: Yana Liu

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver