Fact Check

Lovgate Virus

Information about the 'Lovgate' worm.

Published Feb. 28, 2003

Claim:

Virus name:   Lovgate.


Status:   Real.

Example:   [Collected on the Internet, 2003]




There is a new Computer Virus out called "Lovgate.c". It affects users running Outlook, Outlook Express, and the following operating systems: Windows '95, '98, 'NT Windows '2000, Windows ME, and Windows XP. It is a mass mailing virus which comes packaged in your e-mail with the subject "I'll try to reply as soon as possible. Take a look to the attachment and send me your opinion!". DO NOT OPEN THIS MESSAGE! PLEASE DELETE IT!.

In addition to it's mass-mailing functionality, Lovgate spreads through Windows shares and can steal users' passwords. This virus copies itself to your Hard Drive (C:) and Shares in folders and sub-folders - if they are password protected the virus will try a combination of usernames and passwords to gain access.



Origins:   Lovgate is an especially sneaky worm that contains mass-mailing and backdoor functionalities. It spreads through tricking users into opening it by pretending to be a reply to an actual e-mail sent by the about-to-be-victimized.

Let's say you just mailed your old buddy Joe a message entitled "Lunch today?" and let's also suppose Joe's computer had picked up the Lovgate worm. You would receive a reply from Joe entitled "Re: Lunch today?" which would quote all of your note in the usual carat-indented format that's become somewhat standard, followed by this response, seemingly from Joe:



I'll try to reply as soon as possible. Take a look to the attachment and send me your opinion!

Unbeknownst to you, Joe didn't write that message — the worm did. By opening the attachment (which, at this point, you have every reason to believe came from Joe), you infect your PC with the Lovgate worm. Now everyone who writes to you will get back the "I'll try to reply as soon as possible. Take a look to the attachment and send me your opinion!" response.

The file name of the infected attachment will match one of the following:


  • fun.exe

  • images.exe

  • news_doc.exe

  • s3msong.exe

  • pics.exe

  • billgt.exe

  • midsong.exe

  • PsPGame.exe

  • hamster.exe

  • setup.exe

  • tamagotxi.exe

  • joke.exe

  • docs.exe

  • searchurl.exe

  • card.exe

  • pics.exe

  • humor.exe

Symantec provides removal instructions for Lovgate on its web site.

Additional Information:







    Info from F-Secure on Lovgate Lovgate (F-Secure)
    Info from Symantec on Lovgate Lovgate (Symantec)

Last updated:   28 January 2008


David Mikkelson founded the site now known as snopes.com back in 1994.