Worm variant is spreading from Asia

A new variant of the Lovgate worm, first discovered Feb. 19, has been identified in the wild and is reported to be spreading in the Eastern Hemisphere.

Lovgate.C is a mass mailing worm that spreads through Microsoft Windows network shares and installs a backdoor Trojan horse. It sends information gathered from infected computers to what seems to be a Chinese Web portal.

Several computer security companies have issued alerts about the worm. IDefense Inc. of Chantilly, Va., gave it a high-severity rating. The Finnish company F-Secure Corp. gave it a Level 2 alert on a three-level scale, calling it a localized but fast-spreading infection. By Monday morning, it was reported in Australia, France, Japan and Taiwan.

'At least two variants of the Lovgate worm are spreading in the wild,' said Ken Dunham, senior intelligence analyst for iDefense. 'Lovgate.C has had the most success in the wild. It has been modified to avoid detection by major antivirus software.'

At least 10 subject lines, e-mail bodies and attachment filenames have been found for the new worm, but the attachment always is an executable file with a .EXE extension. The worm has its own Simple Mail Transfer Protocol engine and connects to the host smtp.163.com to deliver information including stolen passwords from the compromised computers, according to F-Secure.

Recommended actions to protect against the worm until antivirus signatures are available include blocking all .EXE e-mail attachments. 'Hardening all network shares against the brute force attack used by the worm and using a firewall will also aid in preventing or mitigating' infections, Dunham said. 'Administrators may want to block outgoing traffic on TCP Port 25 to the server smtp.163.com, a China-based SMTP server used by the worm to send out malicious e-mails.'

About the Author

William Jackson is a Maryland-based freelance writer.

