Alias: WORM_LOVGATE.F [Trend], WORM_LOVGATE.G [Trend], W32/Lovgate.f@M [McAfee], W32/Lovgate.g@M [McAfee], W32/Lovgate-E [Sophos], I-Worm.LovGate.f [KAV], Win32/Lovgate.F.Worm [CA]
Type: Worm
Size: 107,008 Bytes
Origin:
Date: 00-00-0000
Damage: Sent by email.
VDF Version:
Danger: Low
Distribution: Low
Distribution
It collects email addresses from all HTML files and replies to all messages in the Microsoft Outlook Inbox. The email sent by the worm has the following structure:
Subject:
Reply to this!
Let's Laugh
Last Update
for you
Great
Help
Attached one Gift for u..
Hi Dear
See the attachement
Body:
For further assistance, please contact!
Copy of your message, including all the headers is attached.
This is the last cumulative update.
Tiger Woods had two eagles Friday during his victory over Stephen Leaney. (AP Photo/Denis Poroy)
Send reply if you want to be official beta tester.
This message was created automatically by mail delivery software (Exim).
It's the long-awaited film version of the Broadway hit. Set in the roaring 20's, this is the story of Chicago chorus girl Roxie Hart (Zellweger), who shoots her unfaithful lover (West).
Adult content!!! Use with parental advisory.
Patrick Ewing will give Knick fans something to cheer about Friday night.
Send me your comments...
someone wrote:
===
>
>
===
auto-reply: If you can keep your head when all about you
Are losing theirs and blaming it on you;
If you can trust yourself when all men doubt you,
But make allowance for their doubting too;
If you can wait and not be tired by waiting,
Or, being lied about,don't deal in lies,
Or, being hated, don't give way to hating,
And yet don't look too good, nor talk too wise;
... ... more look to the attachment.
Attachment:
About_Me.txt.pif
driver.exe
Doom3 Preview!!!.exe
enjoy.exe
YOU_are_FAT!.TXT.pif
Source.exe
Interesting.exe
README.TXT.pif
images.pif
Pics.ZIP.scr
the hardcore game-.pif
Sex in Office.rm.scr
Deutsch BloodPatch!.exe
s3msong.MP3.pif
Me_nude.AVI.pif
How to Crack all gamez.exe
Macromedia Flash.scr
SETUP.EXE
Shakira.zip.exe
dreamweaver MX (crack).exe
StarWars2 - CloneAttack.rm.scr
Industry Giant II.exe
DSL Modem Uncapper.rar.exe
joke.pif
Britney spears nude.exe.txt.exe
I am For u.doc.exe
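Every attachment name above ends in an executable extension, often hidden behind a decoy such as .txt or .zip. The following is an added example, not Avira's code, of a mail-filter check for that pattern; the extension sets, function names and sample message are assumptions constructed for illustration.

```python
from email import message_from_string

# Extensions Windows runs directly; every attachment name above ends in .exe, .pif or .scr.
EXECUTABLE_EXTS = {"exe", "pif", "scr", "com", "bat", "cmd"}
# Decoy extensions placed before the real one (from the lists above plus a few
# common document types; the exact set is an assumption to tune per site).
DECOY_EXTS = {"txt", "doc", "zip", "rar", "avi", "mp3", "rm", "jpg", "exe", "pdf", "xls"}

def classify_name(filename):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Windows ignores trailing dots and spaces, so drop them before splitting.
    parts = filename.strip().rstrip(". ").lower().split(".")
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"

def scan_message(raw):
    """Return [(filename, verdict)] for every named MIME part that is not 'ok'."""
    findings = []
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        if name and (verdict := classify_name(name)) != "ok":
            findings.append((name, verdict))
    return findings

# Constructed sample message; subject and attachment name come from the lists above.
SAMPLE = """\
From: sender@example.test
To: rcpt@example.test
Subject: Reply to this!
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

See the attachement
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="README.TXT.pif"

placeholder bytes, not real content
--XX--
"""
```

A gateway would typically quarantine "double-extension" hits outright and apply site policy to plain "executable" ones.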
Technical Details
When activated, the worm copies itself to %SystemDIR% under the following file names:
Ravmond.exe
WinGate.exe
WinDriver.exe
Winrpc.exe
Winhelp.exe
Iexplore.exe
Kernel66.dll
NetServices.exe
It copies the following files from %SystemDIR% and opens them:
Task688.dll
Ily688.dll
Reg678.dll
111.dll
The worm creates the following autostart registry entries:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
winhelp = %system%\winhelp.exe
WinGate initialize = %system%\WinGate.exe -remoteshell
Remote Procedure Call Locator = rundll32.exe reg678.dll ondll_reg
Program in Windows = %system%\iexplore.exe
It also enters:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
run = RAVMOND.EXE
Then it changes the value of HKEY_CLASSES_ROOT\txtfile\shell\open\command to:
winrpc.exe %1
As a result, the worm is activated every time a text file is opened.
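The registry changes listed above can be checked offline against a registry export. The following is an added example, not Avira's code: it parses the string values of a .reg export and flags the persistence entries described on this page. The function names and the sample export are constructed for illustration, and the parser assumes plain string (REG_SZ) values only.

```python
import re

# File names and keys taken from the description above (lower-cased for comparison).
WORM_FILES = {"ravmond.exe", "wingate.exe", "windriver.exe", "winrpc.exe",
              "winhelp.exe", "kernel66.dll", "netservices.exe",
              "task688.dll", "ily688.dll", "reg678.dll", "111.dll"}
WATCHED_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_current_user\software\microsoft\windows nt\currentversion\windows",
    r"hkey_classes_root\txtfile\shell\open\command",
}
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def parse_reg_export(text):
    """Yield (key, value_name, data) for the string values in a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            # .reg files escape backslashes and quotes with a backslash.
            yield key, name, re.sub(r"\\(.)", r"\1", m.group(2))

def find_lovgate_persistence(text):
    """Return watched-key values whose data names a file listed on the page."""
    hits = []
    for key, name, data in parse_reg_export(text):
        if key.lower() not in WATCHED_KEYS:
            continue
        low = data.lower()
        # iexplore.exe is only suspicious when it sits in the system directory.
        in_sysdir = re.search(r"\\system(32)?\\iexplore\.exe", low)
        if WORM_FILES & set(re.split(r'[\\\s"]+', low)) or in_sysdir:
            hits.append((key, name, data))
    return hits

# Constructed sample export: two worm entries, one benign entry, hijacked .txt handler.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"winhelp"="C:\\WINDOWS\\system32\\winhelp.exe"
"Remote Procedure Call Locator"="rundll32.exe reg678.dll ondll_reg"
"ExampleTray"="C:\\Program Files\\Example\\tray.exe"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="winrpc.exe %1"
'''
```

Files written by `reg export` are UTF-16 encoded, so decode them before passing the text to `find_lovgate_persistence`.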
The worm copies itself into all shared network directories and archives as:
Are you looking for Love.doc.exe
autoexec.bat
The world of lovers.txt.exe
How To Hack Websites.exe
Panda Titanium Crack.zip.exe
Mafia Trainer!!!.exe
100 free essays school.pif
AN-YOU-SUCK-IT.txt.pif
Sex_For_You_Life.JPG.pif
CloneCD + crack.exe
Age of empires 2 crack.exe
MoviezChannelsInstaler.exe
Star Wars II Movie Full Downloader.exe
Winrar + crack.exe
SIMS FullDownloader.zip.exe
MSN Password Hacker and Stealer.exe
It listens on TCP ports 1092, 20168 and 6000 and sends the attacker the email addresses used with 163.com and Yahoo.com.cn. It has a backdoor routine on port 6000. It creates the file C:\Netlog.txt.
The worm tries to log on to networked computers as "administrator", trying the following passwords:
zxcv
yxcv
xxx
win
test123
test
temp123
temp
sybase
super
sex
secret
pwd
pw123
Password
owner
oracle
mypc123
mypc
mypass123
mypass
love
login
Login
Internet
home
godblessyou
god
enable
database
computer
alpha
admin123
Admin
abcd
aaa
88888888
2600
2003
2002
123asd
123abc
123456789
1234567
123123
121212
11111111
110
007
00000000
000000
pass
54321
12345
password
passwd
server
sql
!@#$%^&*
!@#$%^&
!@#$%^
!@#$%
asdfgh
asdf
!@#$
1234
111
root
abc123
12345678
abcdefg
abcdef
abc
888888
666666
111111
admin
administrator
guest
654321
123456
321
123
If the logon succeeds, the worm tries to copy itself as:
http://visor.hbedv.com/typo3/file://\\\\
Description added by Crony Walker on Tuesday, 15 June 2004