Risk profile raised on Lovgate virus


Researchers from McAfee’s AVERT antivirus team said they had moved Lovgate.ab up to medium risk after receiving more than 100 samples of the worm from customers and virus-generated mail around the world in the first few hours after its discovery yesterday.

Lovgate.ab is a prolific internet worm that spreads via email, sending itself to addresses found on the victim’s machine in the form of a .zip archive, or as an .exe, .scr, .pif, .cmd or .bat file.

The zip file may have a .zip or .rar extension, and may also be dropped to the root of local and mapped drives.
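A mail-gateway check for the attachment types listed above, as an added example that is not part of the original article or AVERT's tooling; the function names and sample messages are constructed for illustration. It goes one step beyond the article by also listing archive members, and it parses archives by content because the zip may carry a .rar name.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Attachment types named in the article.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".cmd", ".bat"}
ARCHIVE_EXTS = {".zip", ".rar"}

def ext_of(name):
    """Lower-cased final extension of a filename, or '' if it has none."""
    name = (name or "").strip().lower()
    return name[name.rfind("."):] if "." in name else ""

def triage_message(raw_bytes):
    """Return (filename, reason) findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = ext_of(name)
        if ext in EXECUTABLE_EXTS:
            findings.append((name, "executable attachment"))
        elif ext in ARCHIVE_EXTS:
            data = part.get_payload(decode=True) or b""
            try:
                # A zip may carry a .rar name, so parse by content, not extension.
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    bad = [m for m in zf.namelist() if ext_of(m) in EXECUTABLE_EXTS]
            except zipfile.BadZipFile:
                findings.append((name, "archive could not be inspected"))
                continue
            if bad:
                findings.append((name, "archive contains executable: " + ", ".join(bad)))
    return findings

def make_zip(member):
    """Constructed sample: a zip holding one harmless placeholder member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder")
    return buf.getvalue()

def build_sample(filename, data):
    """Constructed sample message with one attachment (addresses are made up)."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "a@example.test", "b@example.test"
    msg["Subject"] = "constructed sample"
    msg.set_content("body")
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```

Archives that cannot be parsed as zip, including genuine RAR files, are reported for manual review rather than passed silently.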

Once activated, the worm attempts to deliver its payload, which potentially opens infected machines to remote users through a network share.

‘The worm then attempts to drop a backdoor component, copy itself to poorly secured remote shares and create a share on the victim’s machine called “MEDIA”,’ warned AVERT.

‘If the worm is able to copy itself to remote shares, it attempts to execute itself remotely. The worm also adds a registry key that helps it activate at the system startup.’

The worm has also been found to terminate processes associated with antivirus and security products.

Further information from AVERT can be found here.
