I-Worm.LovGate.ac, [email protected]
, W32/Lovgate-AB, W32/[email protected]
LoveGate.AL Worm, Win32.HLLM.Lovgate.8, Win32.Lovgate.AF, WORM_LOVGATE.AB
Category: Computer Worm
Active & Spreading
North and South America, Australia, Asia
07 Jul 2004
This Worm is equipped with a backdoor component which can be used by the malicious author to remotely control the compromised machine. The [email protected]
will create a shared folder in the victimized computer system which usually carries the name MEDIA. It will illegally stop all processes identified with security and protection programs. Using its own Simple Mail Transfer Protocol engine, it sends out spiked email messages or replies to messages found in the user's account.
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean [email protected]
from your computer.
This mass mailing Worm sends out email messages that have file attachments that make use of the ZIP, RAR, COM, SCR, EXE, or PIF file extensions. Unprotected network shares can also be exploited by the [email protected]
to spread its infection to other computer systems. Vulnerabilities associated with the DCOM RPC service of the operating system can also be exploited by this malware. The [email protected]
takes advantage of the service which uses the TCP port 135. The file traces that are extracted by this malware into the infected computer system can be found in the directory folder location of the operating system files. File traces associated with the [email protected]
malware makes use of the executable and Dynamic Link Library file extensions.
Aside from the DLL and EXE file formats, this malware also generates some non-viral text files also in the same directory folder. The [email protected]
will create an information file in the root folder of every drive attached to the infected computer system except for optical media drives. It will also drop an executable copy of itself into the same location. This routine is done by the [email protected]
malware to automatically spread its infection once the drive is accessed by unsuspecting computer users. The [email protected]
creates an unsecured backdoor on the compromised machine using a random communication port.