Welcome to the Virus Encyclopedia of Panda Security.
|Effects: ||It moves the mouse around the screen, obstructing the tasks performed. It spreads via e-mail, through KaZaA and across networks.|
|Detection updated on:||Oct. 28, 2003|
|Yes, using TruPrevent Technologies
Lohack.D is a worm that spreads via e-mail, through the peer-to-peer (P2P) file sharing program KaZaA and across networks.
The e-mail message carrying Lohack.D is always in Spanish and has extremely variable characteristics. The content of many of these messages refers to the Spanish Information Society and E-mail Services Law. Furthermore, Lohack.D tricks users into thinking that the message has been sent from a trustworthy source by using one of the following addresses as the sender of the message:
Ministerio de Ciencia y Tecnología (firstname.lastname@example.org)
Panda Antivirus (OXYGEN@pandasoftware.es)
Lohack.D exploits a vulnerability in Internet Explorer (versions 5.01 and 5.5), which allows it to be automatically run when the message carrying the worm is viewed in the Preview Pane.
In addition, Lohack.D moves the mouse around the screen, obstructing the tasks performed.
Lohack.D is easy to recognize when it reaches the computer via e-mail, as the message has the following characteristics:
Once the attached file is run, Lohack.D displays a message in Spanish that refers to the Information Society and E-mail Services Law:
In order to see this message, click here.
In addition, Lohack.D moves the mouse around the screen without user intervention, obstructing the tasks performed.