Parent class: TrojWare

Trojans are malicious programs that perform actions which are not authorized by the user: they delete, block, modify or copy data, and they disrupt the performance of computers or computer networks. Unlike viruses and worms, the threats that fall into this category are unable to make copies of themselves or self-replicate. Trojans are classified according to the type of action they perform on an infected computer.

Class: Trojan

A malicious program designed to electronically spy on the user’s activities (intercept keyboard input, take screenshots, capture a list of active applications, etc.). The collected information is sent to the cybercriminal by various means, including email, FTP, and HTTP (by sending data in a request).

Read more

Platform: WinREG

No platform description


Technical Details

This is the first known Internet-worm in the Logo language that is widely used by schools worldwide. The worm itself is a LGP file, that is, a Logo Project File. It can be executed with special interpreter software like SuperLogo for Windows.

The worm doesn't spread by itself; rather it drops two different components:

  • a VBS file to spread through e-mail a la LoveLetter
  • an INI file to spread through IRC channels

It also drops a BAT file that writes a message on the screen during Windows startup. The message is:

You think Logo worms don't exist? Think again!

The worm creates a VBS file in a Windows startup folder, thus, it will be executed automatically upon the next Windows startup. The scripts in the VBS file create and send a message via Outlook to every entry in the address book. These messages have:

Subject: Hey friends!
Body: Hello! Look at my new SuperLogo program! Isn't it cool?
Attached file name: logic.lgp

An MIRC script in the worm's INI file is very short, and just sends the worm's LGP file to all users joining an infected channel.

Read more

Find out the statistics of the vulnerabilities spreading in your region on

Found an inaccuracy in the description of this vulnerability? Let us know!
Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Learn more
New Kaspersky!
Your digital life deserves complete protection!
Learn more
Confirm changes?
Your message has been sent successfully.