Description:
This worm propagates via network shares and email. Upon execution, it drops multiple copies of itself. It also drops .DLL files associated with WORM_LOVGATE.Q.
It creates several registry entries to ensure its execution at every Windows startup and every time a .TXT file is opened.
To propagate via network shares, this worm drops copies of itself in accessible shared folders as an executable file or as a WinRar-compressed file using any of several filenames and extensions.
It may also drop copies in random folders on a system, using up disk space.
To propagate via email, it uses its own SMTP engine. The email it sends out has the following details:
From: (Spoofed)
Subject: (any of the following)
·Delivery Status Notification (Delay)
·Hi
·Error
·Mail Transaction Failed
·Test
Message body: (any of the following)
This is an automatically generated Delivery Status Notification
THIS IS A WARNING MESSAGE ONLY.
YOU DO NOT NEED TO RESEND YOUR MESSAGE.
Delivery to the following recipient has failed:
The message contains Uniocode characters and has been sent as a binary attachment.
Mail failed. For further assistance, Please contact!
It's the long-awaited film version of the Broadway hit. The message sent as a binary attachment.
Attachments (any of the following filenames)
·Body
·data
·Doc
·Document
·File
·Message
·Readme
·Test
·Text
The attachment may have any of the following filename extensions:
·bat
·Cmd
·com
·Exe
·Pif
·scr
·Zip
It may also send out email with a blank subject and message body. Additionally, it may send a randomly named file as an attachment.
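
The email traits listed above can be turned into a mail-filter check. The following is an added example, not part of the original description or any vendor tool: it flags a message when a listed subject is paired with a listed attachment name and extension, or when a blank subject and body carry an attachment with a listed extension. The function names, the sample messages and the assumption that the randomly named attachment uses one of the listed extensions are illustrative; the From header is ignored because it is spoofed.

```python
from email import message_from_string

# Indicator lists copied from the description above (lower-cased for matching).
SUBJECTS = {"delivery status notification (delay)", "hi", "error",
            "mail transaction failed", "test"}
STEMS = {"body", "data", "doc", "document", "file", "message",
         "readme", "test", "text"}
EXTS = {"bat", "cmd", "com", "exe", "pif", "scr", "zip"}

def body_text(msg):
    """Join the text/plain parts that are not attachments."""
    return "".join(p.get_payload() for p in msg.walk()
                   if p.get_content_type() == "text/plain"
                   and not p.get_filename()).strip()

def match_mail(raw):
    """Return the reasons a raw RFC 822 message matches; empty list if none."""
    msg = message_from_string(raw)
    subject = (msg.get("Subject") or "").strip().lower()
    blank = subject == "" and body_text(msg) == ""
    reasons = []
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        stem, dot, ext = name.rpartition(".")
        if not dot or ext not in EXTS:
            continue  # only the listed extensions are of interest
        if subject in SUBJECTS and stem in STEMS:
            reasons.append(f"listed subject and attachment name: {name}")
        elif blank:
            # Assumption: the randomly named attachment uses a listed extension.
            reasons.append(f"blank subject and body with .{ext} attachment: {name}")
    return reasons

def sample(subject, body, filename):
    """Build a constructed two-part test message (not captured traffic)."""
    return (f"From: someone@example.com\nSubject: {subject}\n"
            'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="b"\n\n'
            f"--b\nContent-Type: text/plain\n\n{body}\n"
            "--b\nContent-Type: application/octet-stream\n"
            f'Content-Disposition: attachment; filename="{filename}"\n\nAAAA\n--b--\n')

if __name__ == "__main__":
    for args in [("Mail Transaction Failed", "Mail failed.", "Readme.pif"),
                 ("", "", "qwzrt.scr"),
                 ("Quarterly report", "See attached.", "report.zip")]:
        print(args[2], "->", match_mail(sample(*args)) or "no match")
```

A listed extension on its own (for example a .zip on ordinary mail) is not treated as a match, which keeps the check from flagging routine attachments.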
This worm runs on Windows NT, 2000, and XP.
Description created: Aug. 11, 2004 7:13:01 AM GMT -0800