Worm variant is spreading from Asia

A new variant of the Lovgate worm, first discovered Feb. 19, has been identified in the wild and is reported to be spreading in the Eastern Hemisphere.

Lovgate.C is a mass mailing worm that spreads through Microsoft Windows network shares and installs a backdoor Trojan horse. It sends information gathered from infected computers to what seems to be a Chinese Web portal.

Several computer security companies have issued alerts about the worm. IDefense Inc. of Chantilly, Va., gave it a high-severity rating. The Finnish company F-Secure Corp. gave it a Level 2 alert on a three-level scale, calling it a localized but fast-spreading infection. By Monday morning, it was reported in Australia, France, Japan and Taiwan.

'At least two variants of the Lovgate worm are spreading in the wild,' said Ken Dunham, senior intelligence analyst for iDefense. 'Lovgate.C has had the most success in the wild. It has been modified to avoid detection by major antivirus software.'

At least 10 subject lines, e-mail bodies and attachment filenames have been found for the new worm, but the attachment always is an executable file with a .EXE extension. The worm has its own Simple Mail Transfer Protocol engine and connects to the host smtp.163.com to deliver information including stolen passwords from the compromised computers, according to F-Secure.

Recommended actions to protect against the worm until antivirus signatures are available include blocking all .EXE e-mail attachments. 'Hardening all network shares against the brute force attack used by the worm and using a firewall will also aid in preventing or mitigating' infections, Dunham said. 'Administrators may want to block outgoing traffic on TCP Port 25 to the server smtp.163.com, a China-based SMTP server used by the worm to send out malicious e-mails.'
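As an illustration of the attachment-blocking advice above, here is a small mail-filter check. It is an added example, not code from the article or from any vendor it quotes. The function names and the sample messages are constructed for the illustration, and the check for a Windows executable header ("MZ") on attachments with other names goes beyond what the article recommends.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXT = ".exe"    # the article: the attachment is always a .EXE file
MZ_MAGIC = b"MZ"        # first two bytes of a Windows executable


def normalized_name(filename):
    # Windows ignores trailing dots and spaces, so "a.exe." still runs as an EXE.
    return filename.strip().rstrip(". ").lower()


def flagged_attachments(raw_message):
    """Return (filename, reason) for every part a gateway should block."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()          # decodes RFC 2231 / RFC 2047 names
        payload = part.get_payload(decode=True) or b""
        if name and normalized_name(name).endswith(BLOCKED_EXT):
            hits.append((name, "extension"))
        elif payload.startswith(MZ_MAGIC):
            # Assumption beyond the article: catch executables that were renamed.
            hits.append((name or "(unnamed)", "mz-header"))
    return hits


def build_sample(filename, payload):
    """Constructed test message with one attachment (not a real worm sample)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed test message"
    msg.set_content("see attachment")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for fname, body in [("Docs.EXE", b"MZ\x90\x00"),
                        ("pics.exe.", b"not really a binary"),
                        ("notes.txt", b"MZ\x90\x00"),
                        ("notes.txt", b"plain text")]:
        print(fname, "->", flagged_attachments(build_sample(fname, body)))
```
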

About the Author

William Jackson is a Maryland-based freelance writer.

