Lovgate

Information about the 'Lovgate' worm.

Virus name:   Lovgate.

Status:   Real.

Example:   [Collected on the Internet, 2003]

There is a new Computer Virus out called "Lovgate.c". It affects users running Outlook, Outlook Express, and the following operating systems: Windows '95, '98, 'NT Windows '2000, Windows ME, and Windows XP. It is a mass mailing virus which comes packaged in your e-mail with the subject "I'll try to reply as soon as possible. Take a look to the attachment and send me your opinion!". DO NOT OPEN THIS MESSAGE! PLEASE DELETE IT!.

In addition to it's mass-mailing functionality, Lovgate spreads through Windows shares and can steal users' passwords. This virus copies itself to your Hard Drive (C:) and Shares in folders and sub-folders - if they are password protected the virus will try a combination of usernames and passwords to gain access.

Origins:   Lovgate is an especially sneaky worm that contains mass-mailing and backdoor functionalities. It spreads through tricking users into opening it by pretending to be a reply to an actual e-mail sent by the about-to-be-victimized.

Let's say you just mailed your old buddy Joe a message entitled "Lunch today?" and let's also suppose Joe's computer had picked up the Lovgate worm. You would receive a reply from Joe entitled "Re: Lunch today?" which would quote all of your note in the usual carat-indented format that's become somewhat standard, followed by this response, seemingly from Joe:
I'll try to reply as soon as possible. Take a look to the attachment and send me your opinion!
Unbeknownst to you, Joe didn't write that message — the worm did. By opening the attachment (which, at this point, you have every reason to believe came from Joe), you infect your PC with the Lovgate worm. Now everyone who writes to you will get back the "I'll try to reply as soon as possible. Take a look to the attachment and send me your opinion!" response.

The file name of the infected attachment will match one of the following:
  • fun.exe
  • images.exe
  • news_doc.exe
  • s3msong.exe
  • pics.exe
  • billgt.exe
  • midsong.exe
  • PsPGame.exe
  • hamster.exe
  • setup.exe
  • tamagotxi.exe
  • joke.exe
  • docs.exe
  • searchurl.exe
  • card.exe
  • pics.exe
  • humor.exe
Symantec provides removal instructions for Lovgate on its web site.

Additional Information:
    Info from F-Secure on Lovgate Lovgate
(F-Secure)
    Info from Symantec on Lovgate Lovgate
(Symantec)
Last updated:   28 January 2008

 

David Mikkelson founded snopes.com in 1994, and under his guidance the company has pioneered a number of revolutionary technologies, including the iPhone, the light bulb, beer pong, and a vaccine for a disease that has not yet been discovered. He is currently seeking political asylum in the Duchy of Grand Fenwick.



Snopes