SecurityHome.eu Net-Worm:W32/Lovsan.B

Home / malware PDF

Net-Worm:W32/Lovsan.B

First posted on 15 June 2010.
Source: SecurityHome
Aliases :
There are no other names known for Net-Worm:W32/Lovsan.B.
Explanation :
A type of worm that replicates by sending complete, independent copies of itself over a network.

Additional DetailsThe new B variant of Net-Worm:W32/Lovsan was found on August 13th 2003.

A dropper available on a web page drops two files in Windows System folder and adds them to the Windows registry:

€ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
The first file called Root32.exe is a backdoor and the second one called teekids.exe is the actual worm.

This new variant is functional identical to the previous Lovsan, only the text and the file name have been changed.

Detection

F-Secure Anti-Virus detects the dropper and the backdoor as TrojanDropper.Win32.Freshbind.20 and Backdoor.Lithium.10 respectively.

F-Secure Anti-Virus detects the worm in teekids.exe file with database updates:

[FSAV_Database_Version]
Version=2003-08-13_02
Last update 15 June 2010

TOP

Malware :

Last 20

Net-Worm:W32/Lovsan.B

Aliases :

Explanation :

Malware :

Family: