Threat Descriptions

Lager.DP

Classification

Category :

Malware

Type :

Worm

Platform :

W32

Aliases :

Lager.DP

Summary

Lager.DP is a mass mailing worm that drops a copy of Small.DAM.

Removal

Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

Lager.DP arrives on the system as an attachment to spam emails.

When executed, Lager.DP drops a copy of itself named "alsys.exe" in the Windows system directory.

It also drops several files in various locations on the system using a random eight character filename.

  • [8 random characters].t

In addition to this, it drops and executes a randomly named copy of Small.DAM in the current directory.

It also adds the following registry entries to enable its automatic execution upon system Startup:

  • HKCU\Software\Microsoft\Windows\CurrentVersion\RunAgent = "%sysdir%\alsys.exe"
  • HKLM\Software\Microsoft\Windows\CurrentVersion\RunAgent = "%sysdir%\alsys.exe"

Propagation

Lager.DP propagates by mailing itself to several email addresses gathered from the affected system.

It may use any of the following string as its Subject:

  • 5 Reasons I Love You
  • A Bouquet of Love
  • A Day in Bed Coupon
  • A Hug & Roses
  • A Kiss So Gentle
  • A Kiss for You
  • A Little (sex) Card
  • A Monkey Rose for You
  • A Red Hot Kiss
  • A Relaxing Coupon
  • A Romantic Place
  • A Song to You
  • A Special Flower for You
  • A Special Kiss
  • A Sweet Love
  • A Token of My Love
  • A Weekend Getaway
  • Against All Odds
  • All For You
  • All That Matters
  • Angel of Love
  • Awaiting Your Love
  • Baby, I'll Be There
  • Back Together
  • Between Us
  • Bewitching Moonlight
  • Brand New Love
  • Breakfast in Bed Coupon
  • Bubble Bath Coupon
  • Can't Wait to See You!
  • Crazy way to say I Luv U
  • Cuddle Me Please
  • Cuddle Up
  • Cyber Love
  • Dancing With You
  • Dinner Coupon
  • Doing It for You
  • Dream Date Coupon
  • Dream Girl
  • Emptiness Inside Me
  • Eternity of Your Love
  • Evening Romance
  • Every Inch of Your Body
  • Everyone Needs Someone
  • Falling In Love with You
  • Feeling Horny?
  • Fields Of Love
  • For Better of For Worse
  • For You
  • For You....My Love
  • Forever and Ever
  • Forever in Love
  • From this day forward
  • Full Heart
  • Hand in Hand
  • He Blessed Our Lives
  • Heart is Breaking
  • Heart of Mine
  • Hey Cutie
  • Hold Me (distant love)
  • Hold On
  • How Much I Love You
  • Hugging My Pillow
  • I Always Knew
  • I Am Lost In You
  • I Believe
  • I Can't Function
  • I Dream of you
  • I Give to You
  • I Love Thee
  • I Love You Mower
  • I Love You So
  • I Love You Soo Much
  • I Love You with All I Am
  • I Still Love You
  • I Think of You
  • I Win with You
  • I Woof You
  • I Would Do Anything
  • I Would Give you Anything
  • I am Complete
  • I wish
  • I'll Be Your Man
  • If I Could
  • If I Knew
  • In Love
  • In My Heart
  • Inside My Heart
  • Internet Love
  • It's Your Move
  • Just You
  • Just You & Me
  • Kiss Coupon
  • Kisses, Hugs & Roses
  • Last Night was Hot!
  • Let's Get Frisky
  • Live With Me
  • Longing for You
  • Love Birds
  • Love Remains
  • Love You Deeply
  • Love at First Sight
  • Love for Granted
  • Love is in the Air
  • Made for Each Other
  • Magic of Flowers
  • Massage Coupon
  • Memories
  • Miracle of Love
  • Moonlit Waterfall
  • Most Beautiful Girl
  • My Eye on You
  • My Heart belongs to you
  • My Heart is Thinking
  • My Invitation
  • My Love
  • My Perfect Love
  • Now I Know
  • Now and Forever
  • Old Together
  • Only You
  • Our Love
  • Our Love Everyday
  • Our Love Nest
  • Our Love Will Last
  • Our Love is Free
  • Our Love is Strong
  • Our Two Hearts
  • Our Wedding Day
  • Our love is torn by miles
  • P.M.S
  • Passionate Kiss
  • Peek-A-Boo
  • Pockets of Love
  • Puppy Love
  • Red Rose
  • Romantic Picnic Coupon
  • Rose for my Love
  • Safe With You
  • Safe and Sound
  • Search for One
  • Sending Kiss
  • Sending You My Love
  • Showers Of Love
  • So Unique
  • So in Love
  • Solitary Beauty
  • Someone at Last
  • Soul Mates
  • Soul Partners
  • Steamy Dream
  • Steamy Sex Coupon
  • Summer Love
  • Take My Hand
  • Teddy Bear & Roses
  • Tender Whispers
  • Thanks...Love
  • That Special Love
  • The Candle's Light
  • The Dance of Love
  • The Kiss
  • The Letter
  • The Long Haul
  • The Love Bugs
  • The Miracle of Love
  • The Mood for Love
  • The Sweet Taste of Love
  • The Time for Love
  • Thinking about you
  • Thinking of You
  • This Day Forward
  • This Feeling
  • Til the End of Time
  • Till Morning's Light
  • Till Morninig's Light
  • Times Are Hard, I Luv U
  • To New Spouse
  • Together Again
  • Together You and I
  • Touched by Love
  • True Love
  • Trunk Full Of Love
  • Twice Blest
  • Twilight Paradise
  • Two of a Kind
  • Unique Love
  • Unmatchable Beauty
  • Until the Day
  • Vacation Love
  • Waiting for You
  • Want You to Know
  • Want to Meet?
  • We Are Different
  • We Have Walked
  • We're a Perfect Fit
  • When I look at you
  • When I'm With You
  • When You Fall in Love
  • Why I Love You
  • Wild Nights--Wild Nights
  • Will You?
  • Window of Beauty
  • Wine and Roses
  • Wish I Could Tell You
  • Wish Upon a Star
  • With All My Love
  • With All of My Heart
  • With This Ring
  • Without Your Love
  • Won't you dance with me
  • Words I Write
  • Worthy of You
  • Wrapped Up
  • Wrapped in Your Arms
  • You + Me
  • You Are My Guiding Star
  • You Asked Me Why
  • You Brighten My Day
  • You Lucky Duck!
  • You Rock Me!
  • You Were Worth the Wait
  • You and I
  • You and I Forever
  • You are out of this world
  • You're My Hero
  • You're Soo kissable
  • You're so Far Away
  • You're the One
  • Your Love Has Opened
  • Your Silly Smile

Attachments may be any of the following filenames:

  • Flash Postcard.exe
  • flash postcard.exe
  • greeting postcard.exe
  • Greeting Postcard.exe
  • greeting card.exe
  • Greeting Card.exe
  • postcard.exe
  • Postcard.exe