News Stay informed about the latest enterprise technology news and product updates.

Worm variants run amok

Antivirus vendors are rushing to update signature files to detect new Lovegate, Netsky and Sober worm variants.

Antivirus vendors are rushing to update signature files to detect new Lovegate, Netsky and Sober worm variants....

All can be stopped at the gateway by stripping executable files.

Lovegate-V uses .exe, .scr and .pif extensions, as well as double extensions, according to Bruce Hughes, director of malicious code research at TruSecure's ICSA Labs and moderator of the WildList. "Lovegate-V attempts to access, as administrator, all machines on the local network," he said. It installs a backdoor, uses a random port and steals data via FTP and SMTP. Lovegate is also a share crawler and will spread over a LAN.

Netsky-S carries executable .zip, .pif, .bat, .cmd and .scr files and installs a backdoor.

Sober-F travels as either a .pif or a .zip file and sends its message in either German or English depending on the domain of the e-mail address it's sent to. It doesn't install a backdoor, but was gaining the most traction Sunday.

The worm is ranked as a medium-level threat for corporate users. Sober-F adds files to the system folder and creates registry keys to execute on system boot. According to officials at Santa Clara, Calif.-based Network Associates, "This worm is intended to spread by sending itself to e-mail addresses found on the local system. The worm does not use any exploits in order to execute the attachment automatically. The worm is difficult to find and hides from many antivirus scanners. "

Experts recommend filtering executable attachments -- .exe, .pif, .scr, .com, .bat, .vbs, .lnk, and .hta, among them -- at the gateway and disabling HTML in e-mail either by filtering at the e-mail perimeter or at the e-mail client.

"I suspect the virus writers are launching these things from zombie computers or bot farms to get the 'instant spread,'" said Roger Thompson, vice president of product development at PestPatrol.

NAI description of Sober-F
Trend Micro description of Netsky-S

Dig Deeper on Malware, virus, Trojan and spyware protection and removal

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.