A worm with high damage potential is spreading across the Internet, with initial outbreaks Monday in Europe and Asia, Trend Micro Inc. said.
The Lovgate.C worm, a variant of an earlier worm with the same name, propagates itself by replying to e-mail in a user’s inbox with an attachment containing the bad code, Trend said. It then installs a backdoor port that allows a remote user to access and modify files on an infected user’s system.
The self-replicating worm spreads through network shared folders and subfolders as well as through the traditional method of an unsuspecting user clicking on an attachment.
Trend Micro provided an example where a legitimate e-mail sent to an infected user, concerning something business-related, is replied to by the worm with the message, “I’ll try to respond as soon as possible. Take a look to [sic] the attachment and send me your opinion!” Users will often click on this attachment, since it comes from a person they know, Trend said.
Clicking on the attachment sends the malicious code into several executable files on a user’s system.
Antti-Virus Emergency Response Team (AVERT), a division of Network Associates Inc., also on Monday also issued an alert concerning the mailer worm. The firm rated the threat as “medium,” and also provided a list of possible filenames the worm could use. Among names on the list: fun.exe, hamster.exe, docs.exe, setup.exe, joke.exe, card.exe and pics.exe.
The worm is affecting users of Microsoft Corp.’s Outlook and Outlook Express e-mail programs. The overall risk of the worm is classified as medium at this time, and more details can be found on Network Associate’s Web site at www.nai.com, or at Trend’s Web site at www.trendmicro.com.
– With files from IT World Canada Staff
