
Win32.Lovgate.V@mm


First posted on 21 November 2011.
Source: BitDefender

Aliases:

Win32.Lovgate.V@mm is also known as Win32/Lovgate.V@mm.

Explanation:

The worm was written in C++, compiled using VC6 and packed with two different packers.

The worm spreads via email, attached as a double-extension executable or as a ZIP or RAR archive, and via shares using the companion technique.

That is, it renames the original .EXE files to *.ZMX, sets their attributes to hidden plus system (so that Explorer does not display them in its default configuration) and writes a copy of the worm under the original .EXE names.
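The companion layout described above can be checked for on a share or disk image. The following is an added example, not BitDefender's code: it lists every *.ZMX file that sits beside an .EXE with the same name and reports whether the hidden plus system attributes are set. The function names, the sample file names and the injectable attribute reader are assumptions made for the example.

```python
import os
import tempfile

# Windows attribute bits as reported in os.stat().st_file_attributes.
FILE_ATTRIBUTE_HIDDEN = 0x2
FILE_ATTRIBUTE_SYSTEM = 0x4
HIDDEN_SYSTEM = FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM


def windows_attrs(path):
    """Return the Windows attribute bits, or None where the OS has none."""
    return getattr(os.stat(path), "st_file_attributes", None)


def find_companion_pairs(root, get_attrs=windows_attrs):
    """List every *.ZMX file that sits beside an .EXE with the same stem."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        by_lower = {name.lower(): name for name in files}
        for lower in sorted(by_lower):
            stem, ext = os.path.splitext(lower)
            exe = by_lower.get(stem + ".exe")
            if ext != ".zmx" or exe is None:
                continue  # not a renamed original, or no .EXE took its place
            attrs = get_attrs(os.path.join(dirpath, by_lower[lower]))
            findings.append({
                "renamed_original": os.path.join(dirpath, by_lower[lower]),
                "suspect_exe": os.path.join(dirpath, exe),
                # Hidden plus system is the attribute pair the description names.
                "hidden_system": attrs is not None
                and attrs & HIDDEN_SYSTEM == HIDDEN_SYSTEM,
            })
    return findings


def demo():
    """Scan a constructed tree: one pair, one clean .EXE, one stray .ZMX."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("setup.exe", "setup.ZMX", "notepad.exe", "orphan.zmx"):
            open(os.path.join(root, name), "wb").close()
        # Constructed attribute source so the demo also runs off Windows.
        fake = lambda p: HIDDEN_SYSTEM if p.lower().endswith(".zmx") else 0x20
        return [(os.path.basename(f["suspect_exe"]),
                 os.path.basename(f["renamed_original"]),
                 f["hidden_system"])
                for f in find_companion_pairs(root, fake)]


if __name__ == "__main__":
    print(demo())
```

A hit is a lead for triage: the .EXE in each pair is the file to hand to a scanner, and the .ZMX file is the candidate original to restore once the pair is confirmed.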

It also has backdoor capabilities: it keeps many ports, chosen at random, open for remote commands.

Last update 21 November 2011

 
