W32.Lovgate.W@mm

W32.Lovgate.W@mm is a variant of W32.HLLW.Lovgate@mm that:

• Attempts to reply to all the email messages in the Microsoft Outlook inbox.
• Scans files with .txt, .pl, .wab, .adb, .tbb, .dbx, .asp, .php, .sht, and .htm extensions for email addresses and uses its own SMTP engine to send itself to the address it finds.
• Attempts to copy itself to Kazaa shared folders and all computers on a local network.

The From line of the email is spoofed and the Subject and Message vary. The attachment also name varies, with a .bat, .cmd, .exe, .pif, or .scr file extension. The worm may also send a .zip file containing the attachment.

This threat is written in the C++ programming language and is compressed with JDPack and ASPack.

Antivirus Protection Dates

• Initial Rapid Release version May 18, 2004
• Latest Rapid Release version March 11, 2010 revision 039
• Initial Daily Certified version May 18, 2004
• Latest Daily Certified version March 12, 2010 revision 003
• Initial Weekly Certified release date May 18, 2004

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

• Wild Level: Low
• Number of Infections: 0 - 49
• Number of Sites: 0 - 2
• Geographical Distribution: Low
• Threat Containment: Moderate
• Removal: Moderate

Damage

• Damage Level: Medium

Distribution

• Distribution Level: High