Kaspersky Lab Warns All Users: A New Version of The Lovesan Worm Is On The Loose

13 Aug 2003
Virus News


Kaspersky Lab, a leading expert in information security, has identified a new modification of the notorious Lovesan worm (also know as "Blaster"). Kaspersky Lab' experts anticipate that in the short run a repeated outbreak of the global scale may occur. This is because the two versions of "Lovesan" exploit the same vulnerability in Windows and may co-exist on the same computer. "In other words, all computers infected by the original "Lovesan" will soon be attacked by its revamped versio," commented Eugene Kaspersky, Head of Anti-Virus Research for Kaspersky Lab, "Taking into consideration that the amount of infected systems is now reaching 300,000 the return of the worm will imply a doubling of this number and lead to unpredictable results." In the worst case scenario the world community might face a global Internet slow-down and regional disruption of access to the World Wide Web: just as it happened in January 2003 due to the "Slammer" worm. Technologically, the new modification of "Lovesan" is a copycat of the original. Slight changes were made only to the appearance of the worm: a new name of the main worm-carrier file (TEEKIDS.EXE instead of MSBLAST.EXE), a different method of code compression (FSG instead of UPX), and new "copyright" strings in the body of the worm abusing Microsoft and anti-virus developers. Users of Kaspersky® Anti-Virus can be sure that this new worm will not harm to their computers. All Kaspersky Lab products effectively detect both modifications of "Lovesan", without requiring an update.