Initial analysis of W32/Gibe.B suggests it is a mass-mailing virus capable of spreading using email, via network shares and IRC, according to MessageLabs, which has intercepted copies.
Once activated, the virus appears to gather any email addresses from the recipients' computer, both from Microsoft Outlook and from files found on the hard disk. The email attempts to impersonate a Microsoft Security Update email, and may comprise a variety of subject headings and attachment names.
Read samples and view a chart of daily catch statistics here.
According to Panda Software, Gibe.B also spreads via the file-sharing program KaZaA. Its effects are more annoying than damaging. In order to carry out its infection, this worm exploits two vulnerabilities in Internet Explorer (Exploit IFRAME and Incorrect MIME Header).
If Gibe.B reaches computers via e-mail, the computer will become infected by simply viewing the message carrying the worm through Outlook's Preview Pane. Gibe.B is easy to recognize, and when the worm is run for the first time, it displays a message in order to try to confuse the user of the affected computer. View the message here.
XM97/Aro-A an Excel 97 Macro Virus
When an infected file is used, XM97/Aro-A spreads into any other files that have been opened in Excel. The virus hides itself in an invisible worksheet called "Sheet17," according to Sophos. XM97/Aro-A does not copy itself to the XLSTART folder. Removal instructions can be found on this Sophos Web page.
Mass-Mailing Worm W32.HLLW.Cydog@mm Targets Outlook Contacts
W32.HLLW.Cydog@mm is a mass-mailing worm that spreads by email. This worm uses Microsoft Outlook to send itself to the contacts in the Outlook Address Book. The email will have a random subject which is chosen from a predetermined selection.
The attachment will have a random filename chosen from a predetermined selection and a file extension of .exe or .scr. W32.HLLW.Cydog@mm also attempts to spread using the KaZaA, eDonkey2000, Bearshare, Grokster, and Morpheus file-sharing networks.
The worm attempts to terminate the active processes of various antivirus programs and system utilities. W32.HLLW.Cydog@mm also targets files related to Norton Antivirus for deletion. W32.HLLW.Cydog@mm is a Visual Basic application that is packed with UPX 1.24. Learn more on this Symantec Web page.
Trojan.Barjac Sends Info to Its Author
Trojan.Barjac emails system information to the Trojan's author, including the computer name, IP address, Microsoft Outlook email addresses, and files that have the .doc extension. Trojan.Barjac sends the email to a tiscali.ch email address, using the SMTP server 212.40.5.65 (mail.tiscalinet.ch).
For more information, check here.
Loading Comments...