5/19: Gaobot-GLV Worm Kills Security
Gaobot.GLV is a worm that ends processes belonging to several security tools, such as antivirus programs and firewalls, among others.
Gaobot.GLV is a worm that ends processes belonging to several security tools, such as antivirus programs and firewalls, among others. This leaves the affected computer vulnerable to the attack of other malware.
Gaobot.GLV prevents users from accessing several web pages, mainly belonging to antivirus companies and computer security companies.
Additionally, this worm also installs its own TFTP (Trivial File Transfer Protocol) server on the affected computer.
Gaobot.GLV uses different means to spread:
However, due to some programming errors, Gaobot.GLV does not function properly on some Windows versions, which limits its propagation capabilities.
It is highly recommendable to download the security patches for the LSASS, RPC DCOM, WINS, Workstation Service Buffer Overrun and Buffer Overrun in SQL Server 2000 Resolution Service vulnerabilities from the Microsoft website.
Technical details can be found at this Panda Software page.