from my data security advisor.
fyi.
M. Dunst
General Information
There is a new computer worm that was discovered 2/23 , called W32/Lovgate@M ,
which is rated a medium threat by almost all virus vendors/watchers. This
worm essentially will propagate via e-mail and network shares, and it drops a
Trojan horse (back door program), and will try to crack your windows password
(easy combination of password for example abc123, password, 123456) which may
allow the virus writer to have full control of the infected computer. Some
e-mails are constructed like a legitimate business e-mail, so please be
careful. The virus contains its own SMTP engine, which it uses to deliver its
email. When activated, the virus may try to reply to any emails it finds in
the recipient's in-box, attaching itself to the email.
Below are some helpful information about the worm.
Virus Information
W32/Lovgate@M is a mass-mailing worm that spreads via email and open network
shares. There is a possibility that the worm may ask users to download a
Trojan horse (back door program) that might allow the virus writer to have
complete control of a user's machine.
Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows
XP, Windows Me
Subject: Possible message, subject lines, and attachment include the
following:
a.. Subject: Documents
Attachment: Docs.exe
Message:: Send me your comments...
Subject: Roms
Attachment: Roms.exe
Message:: Test this ROM! IT ROCKS!.
Subject: Pr0n!
Attachment: Sex.exe
Message:: Adult content!!! Use with parental advisory.
Subject: Evaluation copy
Attachment: Setup.exe
Message:: Test it 30 days for free.
Subject: Help
Attachment: Source.exe
Message:: I'm going crazy... please try to find the bug!
Subject: Beta
Attachment: _SetupB.exe
Message:: Send reply if you want to be official beta tester.
Subject: Do not release
Attachment: Pack.exe
Message:: This is the pack ;)
Subject: Last Update
Attachment: LUPdate.exe
Message:: This is the last cumulative update.
Subject: The patch
Attachment: Patch.exe
Message:: I think all will work fine.
Subject: Cracks!
Attachment: CrkList.exe
Message:: Check our list and mail your requests!
How do I protect my home computer from this virus?
a.. Update virus pattern on the home Anti-Virus Software (update
frequently)- definition/virus patterns available for all vendors
b.. Don't open .exe, .vbs, .pif, .scr attachments. If the messages seem
very strange (feels generic), do not open it.
c.. Do not download files when a computer software ask you to.
More Detailed Information:
http://www.eweek.com/article2/0,3959,901393,00.asp
http://vil.nai.com/vil/content/v_100072.htm
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate.d@mm
.html
|