Weekly Virus Report - Fizzer Worm and Lovgate Variants
Posted on 17.05.2003
This week's virus report looks at Trifor (Trj/Trifor), the dangerous Fizzer worm (W32/Fizzer), and the I, J, K, L and M variants of the Lovgate worm.

Trifor is a Trojan with no damaging effects that spreads via the Internet. To do this, it exploits the iFrame vulnerability in versions 5.01 and 5.5 of Internet Explorer.

The most visible symptom of infection by this Trojan is that it changes the home page of Internet Explorer to the web page that contains the virus code.

Fizzer is a new dangerous worm that not only spreads rapidly but can also act as a backdoor Trojan, allowing a hacker remote access to resources on the victim's computer.

It captures the keystrokes entered in the affected computer and saves them in a text file. If hackers obtained this file, they would be able to access the confidential information belonging to the user of the affected computer, such as passwords for accessing Internet services, bank accounts, etc. It also ends certain process active in memory associated with antivirus programs.

This worm mainly spreads via e-mail. It sends a copy of itself to all the contacts it finds in the Outlook and Windows Address Books. Fizzer also spreads through the P2P (peer-to-peer) file sharing program KaZaA.

Due to the amount of incidents being caused by Fizzer -which reached second place in the list of viruses most frequently detected by Panda ActiveScan-, Panda Software has made its PQREMOVE application available to all users to repair any possible damage caused by the worm. This utility can be downloaded free of charge by anyone who needs it from Panda Software.

Finally, the I, J, K, L and M variants of the Lovgate worm spread via e-mail (replying to messages in the Outlook inbox) and shared network drives.
They all create copies of themselves and are similar to backdoor Trojans, as they open a communication port and try to locate network administrator passwords.

Differences between the variants are slight and are mainly down to file size or the ability to infect executable files as is the case with Lovgate.J.





Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //