Lovgate worm mutates, spreads in Asia
Published: 14 May 2003 08:35 BST
Security firm Trend Micro has reported seeing the virus in Singapore, South Korea and Japan and has given it a medium risk alert rating.
WORM_LOVGATE.J, named after the virus program, is currently spreading in Korea, from where there has been a "significant number of infection reports", according to the statement from Trend Micro.
Two variants of this worm, detected as WORM_LOVGATE.I and WORM_LOVGATE.K, have been reported in Singapore and Japan. All are related to the Lovgate.C worm, discovered in February.
The LovGate virus generally first appears as an attachment to an email message. It uses typical social-engineering tricks -- such as email headers that promise free software, ask for help or advertise sexual content -- to convince PC users to run the attached program. It then integrates itself with the victim's operating system.
As part of its attack, the worm installs and runs a Trojan horse program consisting of four files. When it runs, the program notifies the virus's author of the compromised machine's address via email, and opens up port 10168. Ports are the software addresses used by applications running on one computer to communicate with other applications running on other systems across a network.
By knowing the Internet address of the victim's computer, the port number and the password used by the Trojan horse, an intruder can take control of an infected PC.
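A defender can check a Windows host for a socket bound to the port described above. The Python below is an added example, not part of the original article or of Trend Micro's advisory; it parses `netstat -ano` output (the sample text is constructed), and because the article does not say whether the port is TCP or UDP, it checks both.

```python
BACKDOOR_PORT = 10168  # port the article says the Trojan opens

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:1016           0.0.0.0:0              LISTENING       700
  TCP    0.0.0.0:10168          0.0.0.0:0              LISTENING       1432
  TCP    192.168.1.20:49712     203.0.113.7:10168      ESTABLISHED     2210
  TCP    [::]:10168             [::]:0                 LISTENING       1432
  UDP    0.0.0.0:500            *:*                                    612
"""


def find_backdoor_sockets(netstat_text, port=BACKDOOR_PORT):
    """Return sockets whose LOCAL port equals `port`, with state and owning PID."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows start with the protocol; headers and blank lines do not.
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue
        proto, local = fields[0], fields[1]
        # rpartition handles both "0.0.0.0:10168" and "[::]:10168".
        addr, _, port_text = local.rpartition(":")
        # Compare as integers so 1016 or 101 never matches 10168.
        if not port_text.isdigit() or int(port_text) != port:
            continue
        # TCP rows carry a State column; UDP rows do not.
        state = fields[3] if proto == "TCP" and len(fields) >= 5 else ""
        hits.append({"proto": proto, "local": addr,
                     "state": state, "pid": fields[-1]})
    return hits


if __name__ == "__main__":
    for hit in find_backdoor_sockets(SAMPLE_NETSTAT):
        print("port %d bound: %s" % (BACKDOOR_PORT, hit))
```

A match is a lead for investigation, not proof of infection, since any program can bind that port; the PID column identifies the process to examine.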





