Lovegate Worm Makes the Rounds
- By Scott Bekker
A new variant of the LoveGate worm is posing a multi-layered threat to corporate networks this week.
The worm is a mass-mailing virus with its own SMTP engine and a backdoor component that harvests highly insecure passwords. It is also able to spread through network shares.
LoveGate's authors use trickery to get users to open the message. It generates replies to existing e-mails to ensure that it is random. Body text can also contain the text, "I'll try to reply as soon as possible. Take a look at the attachment and send me your opinion," according to anti-virus vendor MessageLabs.
Attachments go by varying names, including billgt.exe, card.exe, docs.exe, fun.exe and joke.exe.
The backdoor component may open TCP port 10168, which allows the machine to be controlled remotely.
Several anti-virus vendors classified LoveGate as a medium threat.
Scott Bekker is editor in chief of Redmond Channel Partner magazine.