Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

W32/Lohav-D

Feb 16, 2004 11:36PM PST

Aliases
Proxy-Mitglieder, MitGleider-H

Type
Win32 worm

Description
W32/Lohav-D is an internet worm, proxy backdoor and downloader Trojan.
W32/Lohav-D spreads to computers on the local network and at random IP addresses that are infected with W32/MyDoom-A.

The worm exploits a backdoor component installed by W32/MyDoom-A that provides access on port 3127.

W32/Lohav-D runs continuously in the background providing a proxy server on port 35555.

Data can be routed to other computers via the proxy in order to bypass access restrictions and to hide the IP address of the source computer.

The proxy may be used to forward SPAM email.


Read more: http://www.sophos.com/virusinfo/analyses/w32lohavd.html

Discussion is locked