Are You Ready For a Summer Valentine?

28 Jun 2002
Virus News

Internet-worm Lentin is actively spreading Kaspersky Lab warns of the spreading of the Internet-worm Lentin. The first appearance "in the wild" of this malicious program was June 18, 2002. Presently Kaspersky Lab has received numerous reports of Lentin infections, most of them coming from Holland, Great Britain, the USA and Russia. The most dangerous variants of Lentin are versions G and E which, to spread themselves, exploit a vulnerability in the Internet Explorer security system. Earlier versions of the virus-worm Lentin used the "Valentines Day" theme to spread across the Internet in the form of the file "valentin.scr" attached to infected emails. The worm activates only if the user himself launches the embedded executable file. The infected message and the message subject contain the following text: Subject:
Fw: Melt the Heart of your Valentine with this beautiful Screen saver
Text:
Hi
Check this screen saver
Happy Valentines day
See u
The latest modifications - Lentin.G and E are a much greater threat to computer user security. To spread itself Lentin.g exploits the same Internet Explorer security vulnerability as does the much talked about virus Klez, which allows Lentin.g to launch on its own. To detect this virus is not easy: the name combinations and variants for the message body and attachment are highly diverse (a full list of names can be found at www.viruslist.com); therefore the file lengths also vary. Several modifications of this malicious program contain mentions of or links to an array of web resources, for example www.screensaverin.com, distributing the infected attachment which is made to look like an interesting screen saver. A number of Lentin variations contain the memory scan functions of different operating systems. The procedure of checking memory is applied continuously, thus allowing the malicious program to obstruct the launch of several anti-virus programs. In addition this virus is able to block in memory the active processes of the well-known viruses SirCam and Klez. Kaspersky Lab strongly recommends that users install the Internet Explorer security patch addressing this vulnerability. Currently Kaspersky Lab knows of seven variations of the Internet worm Lentin. The most recent of which was added to the Kaspersky Lab virus database on June 18, 2002. Details about all Lentin versions can be found in the Kaspersky Virus Encyclopedia.