By Rosli Abidin Yahya
The latest computer virus
outbreak, Lovgate - a mass-mailing e-mail worm thought to have
originated from China - has reached computer users in the
country.
The virus recently attacked
Brunei Shell Petroleum Co Sdn Bhd computers, leading the oil
company to issue a statement of caution to its computer users.
Known technically as W32/Lovgate@M,
the latest virus could not be detected by the existing version
of McAfee software (4248) on desktops, file servers and legacy
(Exchange 5.5) email servers, and Sybari Antigen software on
Exchange 2000 e-mail servers.
The statement from Brunei Shell
said significant numbers of PCs have been infected and a
"Global Situation" was declared earlier on Monday, Feb
24.
However, new virus signature
patterns to detect the virus have now been released by
anti-virus vendors such as McAfee, Sophos and other AV
vendors.
During the outbreak, all
Exchange 2000 servers were disconnected from the Brunei Shell
network in order to restrict the spread of the virus and to
protect data.
Brunei Shell detected the W32/Lovgate@M
virus, which was spread via e-mail as a reply to a genuine
message found in the inbox of the infected PC, using the
original subject line.
The sender asked e-mail
recipients to look at the e-mail attachment, which is an EXE
file with one of 16 names. Once the user opened the EXE
file, the virus infected the PC.
"The virus sends copies of
itself to the senders of any unread items of mail in the user's
mailbox in the format described above.
"It records user
keystrokes (e.g. password input) and saves them in a file and it
attempts to e-mail a number of external e-mail addresses with
information about the PC, enabling a hacker to access the PC
remotely via a backdoor opened by the virus," the
statement said.
According to the statement,
"Once the file is opened, your PC will be infected and you
will need to change any password entered while it is infected
with the virus. If you are unsure of what to do, call an
expert."
The new virus includes a
backdoor component, which allows remote manipulation of the
infected machine.
According to antivirus vendor
F-Secure, Lovgate copies itself to shares using names such as
fun.exe, humor.exe, docs.exe, s3msong.exe, midsong.exe,
billgt.exe, Card.EXE, SETUP.EXE, searchURL.exe, tamagotxi.exe,
hamster.exe, news_doc.exe, PsPGame.exe, joke.exe, images.exe and
pics.exe.