Worm variant is spreading from Asia

Worm variant is spreading from Asia

A new variant of the Lovgate worm, first discovered Feb. 19, has been identified in the wild and is reported to be spreading in the Eastern Hemisphere.

Lovgate.C is a mass mailing worm that spreads through Microsoft Windows network shares and installs a backdoor Trojan horse. It sends information gathered from infected computers to what seems to be a Chinese Web portal.

Several computer security companies have issued alerts about the worm. IDefense Inc. of Chantilly, Va., gave it a high-severity rating. The Finnish company F-Secure Corp. gave it a Level 2 alert on a three-level scale, calling it a localized but fast-spreading infection. By Monday morning, it was reported in Australia, France, Japan and Taiwan.

'At least two variants of the Lovgate worm are spreading in the wild,' said Ken Dunham, senior intelligence analyst for iDefense. 'Lovgate.C has had the most success in the wild. It has been modified to avoid detection by major antivirus software.'

At least 10 subject lines, e-mail bodies and attachment filenames have been found for the new worm, but the attachment always is an executable file with a .EXE extension. The worm has its own Simple Mail Transfer Protocol engine and connects to the host smtp.163.com to deliver information including stolen passwords from the compromised computers, according to F-Secure.

Recommended actions to protect against the worm until antivirus signatures are available include blocking all .EXE e-mail attachments. 'Hardening all network shares against the brute force attack used by the worm and using a firewall will also aid in preventing or mitigating' infections, Dunham said. 'Administrators may want to block outgoing traffic on TCP Port 25 to the server smtp.163.com, a China-based SMTP server used by the worm to send out malicious e-mails.'

About the Author

William Jackson is a Maryland-based freelance writer.

Featured

  • business meeting (Monkey Business Images/Shutterstock.com)

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (Shutterstock.com)

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected