Class: Trojan
Platform: WinREG

Parent class: TrojWare

Trojans are malicious programs that perform actions which are not authorized by the user: they delete, block, modify or copy data, and they disrupt the performance of computers or computer networks. Unlike viruses and worms, the threats that fall into this category are unable to make copies of themselves or self-replicate. Trojans are classified according to the type of action they perform on an infected computer.

Class: Trojan

A malicious program designed to electronically spy on the user’s activities (intercept keyboard input, take screenshots, capture a list of active applications, etc.). The collected information is sent to the cybercriminal by various means, including email, FTP, and HTTP (by sending data in a request).


Platform: WinREG

No platform description

Description

Technical Details

This is the first known Internet worm written in the Logo language, which is widely used by schools worldwide. The worm itself is an LGP file, that is, a Logo Project File. It can be executed with special interpreter software such as SuperLogo for Windows.

The worm doesn't spread by itself; rather it drops two different components:

  • a VBS file to spread through e-mail a la LoveLetter
  • an INI file to spread through IRC channels

It also drops a BAT file that writes a message on the screen during Windows startup. The message is:

You think Logo worms don't exist? Think again!

The worm creates a VBS file in a Windows startup folder, so the file is executed automatically at the next Windows startup. The scripts in the VBS file create and send a message via Outlook to every entry in the address book. These messages have:

Subject: Hey friends!
Body: Hello! Look at my new SuperLogo program! Isn't it cool?
Attached file name: logic.lgp
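
A mail-filter check for the message described above, as an added example that is not part of the original description or the vendor's detection logic. The function names and the constructed test messages are assumptions; only the subject, body text and attachment name come from this page.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators quoted in the description above, lower-cased for comparison.
SUBJECT = "hey friends!"
BODY = "look at my new superlogo program"
ATTACHMENT = "logic.lgp"

def indicators(raw: bytes) -> dict:
    """Parse one raw message and report which indicators it carries."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = {"subject": False, "body": False, "attachment": False, "any_lgp": False}
    # policy.default decodes RFC 2047 encoded-words in the Subject header.
    hits["subject"] = str(msg.get("Subject", "")).strip().lower() == SUBJECT
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").strip().lower()
        if name:
            hits["attachment"] |= name == ATTACHMENT
            hits["any_lgp"] |= name.endswith(".lgp")
        elif part.get_content_type() == "text/plain":
            try:
                hits["body"] |= BODY in part.get_content().lower()
            except (LookupError, UnicodeError):
                pass  # unknown or broken charset: skip the body check
    return hits

def classify(raw: bytes) -> str:
    """'match' = the described message, 'review' = some other .lgp attachment."""
    hits = indicators(raw)
    if hits["attachment"] or (hits["subject"] and hits["body"]):
        return "match"
    return "review" if hits["any_lgp"] else "clean"

def build_sample(subject: str, body: str, filename: str = "") -> bytes:
    """Build a constructed test message (not a captured sample)."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content(body)
    if filename:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    text = "Hello! Look at my new SuperLogo program! Isn't it cool?"
    print(classify(build_sample("Hey friends!", text, "LOGIC.LGP")))
    print(classify(build_sample("Homework", "See attached.", "turtle.lgp")))
```

The "review" verdict separates any other LGP attachment from the exact message described here, since a Logo project file arriving by e-mail is worth a second look even under a different name.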

The mIRC script in the worm's INI file is very short: it just sends the worm's LGP file to all users joining an infected channel.
