The Count Junior Member
Joined: 06 Mar 2004 Last Visit: 23 Jun 2007 Posts: 17
Posted: Sat Jul 03, 2004 6:33 am Post subject: ** Virus Advisory - W32/Lovgate.ad@MM **
Hello everyone,
It's been a while, family matters, but I'm back... and of course with an alert.
| McAfee wrote: |
Like its predecessors, W32/Lovgate.ad@MM is a Medium Risk
mass-mailing worm hiding inside an email attachment. When
run, the worm:
1. Drops a dangerous backdoor on an infected machine that
can allow a remote hacker to steal information.
2. Infects executable programs.
3. Tries to disable anti-virus and security software.
4. Emails itself to a) stolen contacts or b) as replies
to unread MS Outlook or Outlook Express messages on the
infected machine, spoofing the "from: field".
Note: McAfee VirusScan proactively detects and blocks
W32/Lovgate.ab@MM's backdoor component (BackDoor-AQJ).
--> What should I look for?
Subject (examples): hi, hello, Hello, Mail transaction
Failed, mail delivery system
Body (examples): Mail failed. For further assistance,
please contact! The message contains Unicode characters
and has been sent as a binary attachment.
Attachment: Randomly constructed strings with the
following extensions: .EXE, .PIF, .SCR, .ZIP
--> How do I know if I've been infected?
Presence of various .EXE,.DLL or .ZIP archive files on
system. Modified System Registry (see our site for
details). |
Learn more about W32/Lovgate.ad@MM here:
http://us.mcafee.com/root/campaign.asp?cid=11205
FreeScan checks for W32/Lovgate.ad@MM. Scan now:
http://us.mcafee.com/root/campaign.asp?cid=11206
_________________
Best Regards and Wishes,
The Count, Co-webmaster of mesich.com
wandrinstar Junior Member
Joined: 20 Jun 2004 Last Visit: 27 May 2011 Posts: 15
Posted: Wed Jul 07, 2004 2:06 am
I got a delivery of this to my MS Outlook mail account;
| Quote: |
This message had an attachment which were found to contain the following virus(es):
File 'message9347.zip/msg.eml .scr' was infected with virus 'W32.Netsky.Q@mm' (ID 37711)
The infected file(s) were cleaned or removed from the attachment |
----------------------------------------------------------------------
I took a chance and hit "reply" to see what would happen and the above is the result. Came out of it completely clean.
My AV is Nod32 V2.
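Added example, not part of any post in this thread and not McAfee's or NOD32's code: the Python below triages a raw message against the subject and attachment indicators in the quoted advisory, and also reads the member names inside a .ZIP attachment, which catches a padded name such as the 'msg.eml .scr' in the scanner notice above. The function names and the constructed sample message are assumptions made for illustration; the sample payload is harmless placeholder text.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators from the quoted advisory (subjects compared case-insensitively).
SUBJECTS = {"hi", "hello", "mail transaction failed", "mail delivery system"}
RISKY_EXT = (".exe", ".pif", ".scr")


def risky_name(name):
    """True if the final extension is executable; ignores case and edge whitespace."""
    return name.strip().lower().endswith(RISKY_EXT)


def triage(raw):
    """Return the reasons a raw RFC 822 message (bytes) matches the indicators."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if str(msg["Subject"] or "").strip().lower() in SUBJECTS:
        reasons.append("subject matches advisory")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if risky_name(name):
            reasons.append(f"executable attachment: {name!r}")
        elif name.strip().lower().endswith(".zip"):
            try:  # read member names only; nothing is extracted or run
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                    members = zf.namelist()
            except zipfile.BadZipFile:
                reasons.append(f"unreadable zip: {name!r}")
                continue
            reasons += [f"executable inside {name!r}: {m!r}" for m in members if risky_name(m)]
    return reasons


def sample_message():
    """Constructed sample: placeholder text under a padded .scr name inside a zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("msg.eml      .scr", b"harmless placeholder")
    msg = EmailMessage()
    msg["Subject"] = "Mail transaction Failed"
    msg.set_content("Mail failed. For further assistance, please contact!")
    msg.add_attachment(buf.getvalue(), "application", "zip", filename="message9347.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print("\n".join(triage(sample_message())))
```

A subject match alone is weak evidence, since "hi" and "hello" are common in legitimate mail; treat it as a reason to look at the attachment checks, not as a verdict.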
wawadave Warrior Obsessed
Joined: 25 Jan 2004 Last Visit: 24 Jul 2009 Posts: 3448 Location: Illegitimus non carborundum
Posted: Wed Jul 07, 2004 8:32 am
You're lucky, as some viruses and trojans disable your onboard virus scanners.
When people send me a virus I open Linux up and trace down where they're from, when they were last modified when applicable, etc. And when I know absolutely for sure where and who sent it and if sent knowingly, I contact the appropriate law enforcement people in their area. I have learned a lot more about computer security than my adversaries know!
_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd
wandrinstar Junior Member
Joined: 20 Jun 2004 Last Visit: 27 May 2011 Posts: 15
Posted: Wed Jul 07, 2004 8:44 am
Hi dave, I was sorely tempted to open the load bearing email but resisted. Obviously I got it out of the way without any further investigation. I was going to write the "from" address but thought it might not be a good idea. Subject was; Mail Delivery Failure.
b9(Benign) let me see the details before I got to it. And yes I was rather pleased to get out cleanly.
wawadave Warrior Obsessed
Joined: 25 Jan 2004 Last Visit: 24 Jul 2009 Posts: 3448 Location: Illegitimus non carborundum
Posted: Wed Jul 07, 2004 8:50 am
That kind is usually a spoofed addy, not worth looking at unless some script kiddy has you as a target.
If you want to look at those, don't do it from Windows.