This malware is currently rapidly spreading in Taiwan, Australia, France,
and Japan from where TrendLabs has received a significant number of
infection reports. As of 1:02 AM, Trend has declared a Yellow Alert to
control the spread of this malware. Expect an Official Pattern Release
within 45 minutes of this alert declaration.
This malware is both a worm and backdoor program. To propagate, it drops
copies of itself in network shared folders and subfolders. It also sends
copies of itself via email.
This worm uses its own SMTP server, SMTP.163.com, to send email. It sends
email with the following message:
‘ I’ll try to reply as soon as possible.
Take a look to the attachment and send me your opinion! ‘
As a backdoor, it opens a port, 10168 by default, allowing remote users to
access and manipulate the affected system. It sends a notification to either
of the following email addresses:
54love@fescomail.net
hacker117@163.com
TrendLabs is currently analyzing this malware and will be providing more
information.
WORM_LOVGATE.C is detected by pattern file 467.
For more information on WORM_LOVGATE.C please visit our Web site at:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_LOVGATE
.C