Post a Reply
Back to the Forum
The worm has discovered on the 24/02/2003
My free anti-virus downloaded the new DAT files on the 25/02/2003
My free anti-virus downloaded the new DAT files on the 25/02/2003
Posted: 10:38 Mar 03 2003
New IRC Virus Alert
Not considered to be high risk. But can affect IRC users.
Advanced warning of Tech Speak!
Email, Kazaa, and mIRC Worm - WORM_GIBE.B (Low Risk)
WORM_GIBE.B propagates via email, shared folders using Kazaa, and via Internet Relay Chat applications such as mIRC. When propagating via email, it obtains its recipients from email addresses listed in the Windows Address Book and addresses remotely retrieved from certain news servers. This worm arrives in an email as a security patch from Microsoft. It sends email with a random subject, message body, and attachment name. This malware affects Windows 95, 98, ME, NT, 2000, and XP platforms.
This worm arrives as either a zipped email attachment, or as a file retrieved from a Kazaa file-sharing application, or Internet Relay Chat. Upon first execution, it displays a fake license message and drops the following files in the Windows directory:
-Gibe.dll - this is the exact copy of this worm
-DX3DRndr.exe - this is the mailer component of this worm -MSBugAdv.exe - this component connects to a random server listed in the dropped WMSysDx.bin file -WMSysDx.bin - this is the list containing the URL that this worm connects to.
It also drops compressed copies of itself in zip format as UPDATE.ZIP or a random file name in the Windows and Windows Temporary folders. In addition, it creates a subfolder in the Windows Temporary directory using a random name.
In the folder, it drops an .EXE format and a .ZIP format copy of itself. The file name of the files could be any of 13 possible names. Then, this worm adds a registry entry so that its copy executes on the infected system on subsequent Windows startups.
This worm uses its own Simple Mail Transfer Protocol (SMTP) engine to propagate via email. It obtains the email addresses of its recipients from the Windows Address Book.
The email that it sends out contains a random subject, message body, and attachment name. In some instances, the worm may send an email with a blank message body. The malware also connects to any of 137 specific Network News Transfer Protocol (NNTP) servers where it attempts to search for addresses where it can send email.
Advanced warning of Tech Speak!
Email, Kazaa, and mIRC Worm - WORM_GIBE.B (Low Risk)
WORM_GIBE.B propagates via email, shared folders using Kazaa, and via Internet Relay Chat applications such as mIRC. When propagating via email, it obtains its recipients from email addresses listed in the Windows Address Book and addresses remotely retrieved from certain news servers. This worm arrives in an email as a security patch from Microsoft. It sends email with a random subject, message body, and attachment name. This malware affects Windows 95, 98, ME, NT, 2000, and XP platforms.
This worm arrives as either a zipped email attachment, or as a file retrieved from a Kazaa file-sharing application, or Internet Relay Chat. Upon first execution, it displays a fake license message and drops the following files in the Windows directory:
-Gibe.dll - this is the exact copy of this worm
-DX3DRndr.exe - this is the mailer component of this worm -MSBugAdv.exe - this component connects to a random server listed in the dropped WMSysDx.bin file -WMSysDx.bin - this is the list containing the URL that this worm connects to.
It also drops compressed copies of itself in zip format as UPDATE.ZIP or a random file name in the Windows and Windows Temporary folders. In addition, it creates a subfolder in the Windows Temporary directory using a random name.
In the folder, it drops an .EXE format and a .ZIP format copy of itself. The file name of the files could be any of 13 possible names. Then, this worm adds a registry entry so that its copy executes on the infected system on subsequent Windows startups.
This worm uses its own Simple Mail Transfer Protocol (SMTP) engine to propagate via email. It obtains the email addresses of its recipients from the Windows Address Book.
The email that it sends out contains a random subject, message body, and attachment name. In some instances, the worm may send an email with a blank message body. The malware also connects to any of 137 specific Network News Transfer Protocol (NNTP) servers where it attempts to search for addresses where it can send email.
3 Replies and 691 Views in Total.
Posted: 10:38 Mar 03 2003
So the easy way to not get this would be not to open email attachments/execute downloaded files unless you trust the source..commen sense really *shrug*
Posted: 13:28 Mar 03 2003