The mass-mailing computer program installs a backdoor Trojan horse on infected systems, allowing a remote attacker access to a victim's PC.
Known as LovGate.C, the LovGate.C program has many similarities to previous viruses:
"In terms of the technology that it uses, all the individual capabilities have been seen before," said Steve Trilling, senior director of research for security software company Symantec. The worm is a variant of the LovGate.A virus, also known as w32.lovegate@m, which was first seen on the Internet last week.
Symantec rated the worm a "3"--or medium threat--on its five-point scale of computer-virus risk. Trilling said that to a large extent the level of the grade is due to the large number of incident submissions from 18 of the company's corporate clients. Rival firm Network Associates also rated LovGate.C a medium threat. Both firms have updated the definitions available to allow their software to detect the worm.
LovGate.C, which some antivirus companies call LoveGate, generally first appears as an attachment to an e-mail message. It uses typical social-engineering tricks--such as e-mail headers that promise free software, ask for help or advertise sexual content--to convince PC users to run the attached program. It then integrates itself with the victim's operating system.
As part of its attack, the worm installs and runs a Trojan horse program consisting of four files. When it runs, the program notifies the virus's author of the compromised machine's address via e-mail, and opens up port 10168. Ports are the software addresses used by applications running on one computer to communicate with other applications running on other systems across a network.
By knowing the Internet address of the victim's computer, the port number and the password used by the Trojan horse, an intruder can take control of an infected PC.
While the virus could be a security threat for infected companies and home users, it hasn't yet spread very widely.
E-mail service provider MessageLabs intercepted nearly 4,000 e-mails containing the malicious program in the first 12 hours of its spread. The e-mails came from South Africa, the United Kingdom, Italy, Germany, Belgium, China and the United States.
That falls well short of the propagation of the top-dog computer virus, Klez.H. Computers infected with the 10-month-old malicious computer program still produce more than 12,000 e-mails that are detected by MessageLabs every day.
Two other viruses, Sobig and Yaha, are currently in the No. 2 and No. 3 slots on MessageLabs' list of most prevalent intercepted code. Both have created more than 4,000 e-mail messages that have been filtered by the company.