W32.Lovgate.W@mm is a variant of
W32.HLLW.Lovgate@mm that:
- Attempts to reply to all the email messages in the Microsoft Outlook inbox.
- Scans files with .txt, .pl, .wab, .adb, .tbb, .dbx, .asp, .php, .sht, and .htm extensions for email addresses and uses its own SMTP engine to send itself to the address it finds.
- Attempts to copy itself to Kazaa shared folders and all computers on a local network.
The From line of the email is spoofed and the Subject and Message vary. The attachment also name varies, with a .bat, .cmd, .exe, .pif, or .scr file extension. The worm may also send a .zip file containing the attachment.
This threat is written in the C++ programming language and is compressed with JDPack and ASPack.
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.
