Net-Worm:W32/Lovsan.E
First posted on 15 June 2010.
Source: SecurityHome
Aliases :
There are no other names known for Net-Worm:W32/Lovsan.E.
Explanation :
A type of worm that replicates by sending complete, independent copies of itself over a network.
Additional Details
The new E variant of Net-Worm:W32/Lovsan was found on August 29th, 2003. This variant is functionally identical to Lovsan.A with a few minor differences:
• It uses the file name mslaugh.exe instead of MSBLAST.EXE.
• It uses a different MUTEX name: 'SILLY'
• The Distributed Denial of Service (DDoS) target has been changed to kimble.org, which already points to 127.0.0.1, effectively causing the infected hosts to attack themselves
• The registry value used has been changed to:
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Automation'
• It has a different hidden message:
'I dedicate this particular strain to me ANG3L -
hope yer enjoying yerself and dont forget the promise for me B/DAY !!!!'
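The two host indicators listed above (the Run value name and the mslaugh.exe file name) can be checked against `reg query` output collected from a host. This is an added example, not part of the original description; the function names and the sample output are constructed, and treating mslaugh.exe as the data of the Run value is an assumption.

```python
import ntpath
import re

# Indicators taken from the description above (compared case-insensitively).
RUN_VALUE_NAME = "windows automation"
DROPPED_FILE = "mslaugh.exe"

# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
# Value names may contain single spaces, so anchor the split on the REG_* type token.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_[A-Z_]+)\s{4}(?P<data>.*)$")

# Constructed sample of `reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run`.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    VendorTray    REG_SZ    "C:\Program Files\Vendor\tray.exe" -min
    Windows Automation    REG_SZ    mslaugh.exe
    Updater    REG_SZ    "C:\WINDOWS\system32\MSLAUGH.EXE" /s
"""

def parse_run_values(reg_query_output):
    """Return (name, type, data) tuples from `reg query` text output."""
    values = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values.append((m["name"].strip(), m["type"], m["data"].strip()))
    return values

def image_name(command):
    """Lowercase executable file name from a Run command line (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        exe = command[1:].split('"', 1)[0]
    else:
        exe = command.split(" ", 1)[0]
    return ntpath.basename(exe).lower()

def find_lovsan_e(reg_query_output):
    """Flag Run entries matching the Lovsan.E value name or file name."""
    hits = []
    for name, _type, data in parse_run_values(reg_query_output):
        reasons = []
        if name.lower() == RUN_VALUE_NAME:
            reasons.append("run-value-name")
        if image_name(data) == DROPPED_FILE:
            reasons.append("file-name")
        if reasons:
            hits.append((name, data, reasons))
    return hits
```

A match on the file name alone, under a different value name, is still worth reviewing, since the value name is trivial to change between variants.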
Detection
F-Secure Anti-Virus detects this variant of the worm with database versions starting from:
[FSAV_Database_Version]
Version=2003-08-14_02
Last update 15 June 2010