Kaspersky Lab Warns All Users: A New Version of The Lovesan Worm Is On The Loose


Kaspersky Lab, a leading expert in information security, has identified a new modification of the notorious Lovesan worm (also known as "Blaster").

Kaspersky Lab's experts anticipate that a repeat outbreak on a global scale may occur in the short run. This is because the two versions of "Lovesan" exploit the same vulnerability in Windows and may co-exist on the same computer. "In other words, all computers infected by the original "Lovesan" will soon be attacked by its revamped version," commented Eugene Kaspersky, Head of Anti-Virus Research for Kaspersky Lab. "Taking into consideration that the amount of infected systems is now reaching 300,000, the return of the worm will imply a doubling of this number and lead to unpredictable results." In the worst-case scenario, the world community might face a global Internet slow-down and regional disruption of access to the World Wide Web, just as happened in January 2003 due to the "Slammer" worm.

Technologically, the new modification of "Lovesan" is a copycat of the original. Slight changes were made only to the appearance of the worm: a new name of the main worm-carrier file (TEEKIDS.EXE instead of MSBLAST.EXE), a different method of code compression (FSG instead of UPX), and new "copyright" strings in the body of the worm abusing Microsoft and anti-virus developers.

Users of Kaspersky® Anti-Virus can be sure that this new worm will not harm their computers. All Kaspersky Lab products effectively detect both modifications of "Lovesan", without requiring an update.

13 Aug 2003