• Home

  • Search
  • Send Comments
  • What's New
  • Hottest 25
      Legends
  • Odd News
  • Glossary
  • FAQ
  • Autos
  • Business
  • Cokelore
  • College
  • Computers
  • Crime
  • Critter Country
  • Disney
  • Embarrassments
  • Food
  • Glurge Gallery
  • History
  • Holidays
  • Horrors
  • Humor
  • Inboxer Rebellion
  • Language
  • Legal
  • Lost Legends
  • Love
  • Luck
  • Media Matters
  • Medical
  • Military
  • Movies
  • Music
  • Old Wives' Tales
  • Photo Gallery
  • Politics
  • Pregnancy
  • Quotes
  • Racial Rumors
  • Radio & TV
  • Religion
  • Risqué Business
  • Science
  • September 11
  • Sports
  • Titanic
  • Toxin du jour
  • Travel
  • Weddings
  • Message Archive
 
Home --> Computers --> Virus Hoaxes & Realities --> Lovgate

Lovgate

Virus name:   Lovgate.

Status:   Real.

Example:   [Collected on the Internet, 2003]

There is a new Computer Virus out called "Lovgate.c". It affects users running Outlook, Outlook Express, and the following operating systems: Windows '95, '98, 'NT Windows '2000, Windows ME, and Windows XP. It is a mass mailing virus which comes packaged in your e-mail with the subject "I'll try to reply as soon as possible. Take a look to the attachment and send me your opinion!". DO NOT OPEN THIS MESSAGE! PLEASE DELETE IT!.

In addition to it's mass-mailing functionality, Lovgate spreads through Windows shares and can steal users' passwords. This virus copies itself to your Hard Drive (C:) and Shares in folders and sub-folders - if they are password protected the virus will try a combination of usernames and passwords to gain access.

Origins:   Lovgate is an especially sneaky worm that contains mass-mailing and backdoor functionalities. It spreads through tricking users into opening it by pretending to be a reply to an actual e-mail sent by the about-to-be-victimized.

Let's say you just mailed your old buddy Joe a message entitled "Lunch today?" and let's also suppose Joe's computer had picked up the Lovgate worm. You would receive a reply from Joe entitled "Re: Lunch today?" which would quote all of your note in the usual carat-indented format that's become somewhat standard, followed by this response, seemingly from Joe:
I'll try to reply as soon as possible. Take a look to the attachment and send me your opinion!
Unbeknownst to you, Joe didn't write that message — the worm did. By opening the attachment (which, at this point, you have every reason to believe came from Joe), you infect your PC with the Lovgate worm. Now everyone who writes to you will get back the "I'll try to reply as soon as possible. Take a look to the attachment and send me your opinion!" response.

The file name of the infected attachment will match one of the following:
  • fun.exe
  • images.exe
  • news_doc.exe
  • s3msong.exe
  • pics.exe
  • billgt.exe
  • midsong.exe
  • PsPGame.exe
  • hamster.exe
  • setup.exe
  • tamagotxi.exe
  • joke.exe
  • docs.exe
  • searchurl.exe
  • card.exe
  • pics.exe
  • humor.exe
Symantec provides removal instructions for Lovgate on its web site.

Additional Information:
    Info from F-Secure on Lovgate Lovgate
(F-Secure)
    Info from Symantec on Lovgate Lovgate
(Symantec)
Last updated:   28 January 2008

Urban Legends Reference Pages © 1995-2013 by Barbara and David P. Mikkelson.
This material may not be reproduced without permission.
snopes and the snopes.com logo are registered service marks of snopes.com.