x
48h OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
SPECIAL OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
HALLOWEEN OFFER
take advantage of our
terrific discounts
BUY NOW AND GET A 50% OFF
x
CHRISTMAS OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 40% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 50% OFF
x
BLACKFRIDAY OFFER
Buy the best antivirus
at the best price
TODAY ONLY UP TO 70% OFF
x
CYBERMONDAY OFFER
Buy the best antivirus
at the best price
(Only for homeusers)
TODAY ONLY UP TO 70% OFF
Active Scan. Scan your PC free
Panda Protection

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Encyclopedia GetVirusCard True 0

Lentin.R

 
Threat LevelHigh threatDamageSevereDistributionNot widespread
Common name:Lentin.R
Technical name:W32/Lentin.R
Threat level:Medium
Type:Virus
Effects:  It finishes processes, sends out confidential information, launches DoS attacks, and modifies files on IIS servers.

Affected platforms:

Windows 2003/XP/2000/NT/ME/98/95

First detected on:June 5, 2003
Detection updated on:June 10, 2003
StatisticsNo
Proactive protection:
Yes, using TruPrevent Technologies

Brief Description 

    

Lentin.R is a dangerous worm that ends active processes on the affected computer. In addition, it sends out an e-mail message with confidential information to the attacking user.

Lentin.R also launches DoS attacks on five Internet websites.

Finally, Lentin.R checks if the computer under attack is an IIs web server (Internet Information Server). If this is the case, it modifies all files with HTM or HTML extension found in the root directory of the hard drive, by adding two links to the worm author's website.

Lentin.R spreads extremely quickly by e-mail. The e-mail it sends out has variable characteristics. Moreover, if the affected computer is connected to a network, the worm creates three copies of itself in all available shared network drives.

It is very easy to become infected by this worm, as it is automatically activated when the message is viewed through Outlook’s Preview Pane. It does this by exploiting a vulnerability in Internet Explorer (versions 5.01 and 5.5), which allows e-mail attachments to be automatically run. This vulnerability exploit is known as Exploit/iFrame.

Visible Symptoms 

    

Lentin.R is difficult to recognize, as it does not display any messages or warnings that indicate that it has infected a computer.

It is also difficult to identify the messages carrying Lentin.R, as their characteristics vary each time. The name of the attached file that carries out the infection is selected at random from a list and has an SCREXE or COM  extension.

If you want to see the list of possible names for the file attached to the e-mail message in which Lentin.R reaches the computer, click here.