1. Symantec/
  2. Security Response/
  3. W32.Lovgate.W@mm


Risk Level 2: Low

May 17, 2004
February 13, 2007 12:23:09 PM
Also Known As:
W32/Lovgate.ab@MM!2 [McAfee], I-Worm.LovGate.ac [Kaspersky]
Systems Affected:

W32.Lovgate.W@mm is a variant of W32.HLLW.Lovgate@mm that:
  • Attempts to reply to all the email messages in the Microsoft Outlook inbox.
  • Scans files with .txt, .pl, .wab, .adb, .tbb, .dbx, .asp, .php, .sht, and .htm extensions for email addresses and uses its own SMTP engine to send itself to the address it finds.
  • Attempts to copy itself to Kazaa shared folders and all computers on a local network.

The From line of the email is spoofed and the Subject and Message vary. The attachment also name varies, with a .bat, .cmd, .exe, .pif, or .scr file extension. The worm may also send a .zip file containing the attachment.

This threat is written in the C++ programming language and is compressed with JDPack and ASPack.

Antivirus Protection Dates

  • Initial Rapid Release version May 18, 2004
  • Latest Rapid Release version March 23, 2017 revision 037
  • Initial Daily Certified version May 18, 2004
  • Latest Daily Certified version March 23, 2017 revision 041
  • Initial Weekly Certified release date May 18, 2004
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Yana Liu

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube