LL-L "Virus" 2003.02.24 (07) [E]

Lowlands-L admin at lowlands-l.net
Mon Feb 24 18:44:03 UTC 2003


======================================================================
 L O W L A N D S - L * 24.FEB.2003 (07) * ISSN 189-5582 * LCSN 96-4226
 http://www.lowlands-l.net  * admin at lowlands-l.net * Encoding: Unicode UTF-8
 Rules & Guidelines: http://www.lowlands-l.net/rules.htm
 Posting Address: lowlands-l at listserv.linguistlist.org
 Server Manual: http://www.lsoft.com/manuals/1.8c/userindex.html
 Archives: http://listserv.linguistlist.org/archives/lowlands-l.html
=======================================================================
 You have received this because you have been subscribed upon request.
 To unsubscribe, please send the command "signoff lowlands-l" as message
 text from the same account to <listserv at listserv.linguistlist.org> or
 sign off at <http://linguistlist.org/subscribing/sub-lowlands-l.html>.
=======================================================================
 A=Afrikaans Ap=Appalachian B=Brabantish D=Dutch E=English F=Frisian
 L=Limburgish LS=Lowlands Saxon (Low German) N=Northumbrian
 S=Scots Sh=Shetlandic V=(West)Flemish Z=Zeelandic (Zeêuws)
=======================================================================

From: Wim <wkv at home.nl>
Subject:  Medium Risk Virus Alert - WORM_LOVGATE.C

From wkv at home.nl   wim verdoold,  zwolle, netherlands.

Dear Lowlanders,

This malware is currently rapidly spreading in Taiwan, Australia,
France, and Japan from where TrendLabs has received a significant number
of infection reports. As of 1:02 AM, Trend has declared a Yellow Alert
to control the spread of this malware. Expect an Official Pattern
Release within 45 minutes of this alert declaration.

This malware is both a worm and backdoor program. To propagate, it
drops copies of itself in network shared folders and subfolders. It also
sends copies of itself via email.

This worm uses its own SMTP server, SMTP.163.com, to send email. It
sends email with the following message:

' I'll try to reply as soon as possible.
Take a look to the attachment and send me your opinion! '

As a backdoor, it opens a port, 10168 by default, allowing remote users
to access and manipulate the affected system. It sends a notification to
either of the following email addresses:

54love at fescomail.net
hacker117 at 163.com

TrendLabs is currently analyzing this malware and will be providing more
information.

WORM_LOVGATE.C is detected by pattern file 467.

For more information on WORM_LOVGATE.C please visit this Web site at:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_LOVGATE.C

Wim.

==================================END===================================
* Please submit postings to <lowlands-l at listserv.linguistlist.org>.
* Postings will be displayed unedited in digest form.
* Please display only the relevant parts of quotes in your replies.
* Commands for automated functions (including "signoff lowlands-l") are
  to be sent to <listserv at listserv.linguistlist.org> or at
  <http://linguistlist.org/subscribing/sub-lowlands-l.html>.
 =======================================================================


