Port Information
Protocol | Service | Name
tcp | lovegate | [backdoor] lovegate virus
Top IPs Scanning
Today | Yesterday
79.110.62.62 (2) | 45.93.20.148 (4)
167.94.138.105 (1) | 204.10.53.162 (4)
91.148.190.150 (1) | 79.110.62.62 (3)
User Comments
Submitted By Date
Comment
Colin Keith 2009-10-04 18:45:22
From: http://www.sarc.com/avcenter/venc/data/w32.hllw.lovgate.d@mm.html "W32.HLLW.Lovgate.D@mm .. The subject and attachment of the incoming email are chosen from a predetermined list. The worm also has a Backdoor Trojan capability. By default, the Trojan component listens on TCP ports 10168 and 20168." So portscans for this port are people looking to gain control of Windows boxes that have already been infected with this worm.
Johannes Ullrich 2003-02-25 18:56:03
The 'lovegate' virus will install a backdoor on this port.
Nick FitzGerald 2003-02-25 03:29:08
Port 10168 (TCP) is used by the recent (Feb 2003) virus family Lovgate. All variants of the virus known as of now (.A - .C) install a backdoor that listens on that port and may open a command shell there in response to a suitable connection attempt. Below are a few antivirus vendor descriptions of various members of the family, which may have originated from China. Several sources suggest a concerted attempt to spread Lovgate.C on 24 Feb 2003; for example, see the MessageLabs link below.
http://www3.ca.com/virusinfo/virus.asp?ID=14380
http://www.f-secure.com/v-descs/lovgate.shtml
http://vil.nai.com/vil/content/v_100085.htm
http://vil.nai.com/vil/content/v_100072.htm
http://www.sarc.com/avcenter/venc/data/w32.hllw.lovgate@mm.html
http://www.sarc.com/avcenter/venc/data/w32.hllw.lovgate.b@mm.html
http://www.sarc.com/avcenter/venc/data/w32.hllw.lovgate.c@mm.html
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_LOVGATE.B&VSect=T
http://www.messagelabs.com/viruseye/toptrump.asp?wi=W32/LovGate.C-m