Gaobot.GLV is a worm that ends processes belonging to several security tools, such as antivirus programs and firewalls, among others. This leaves the affected computer vulnerable to attack by other malware.

Gaobot.GLV prevents users from accessing several web pages, mainly belonging to antivirus companies and computer security companies.

This worm also installs its own TFTP (Trivial File Transfer Protocol) server on the affected computer.


Gaobot.GLV uses different means to spread:

  • It makes copies of itself in the shared network resources it can access.
  • It exploits the LSASS, RPC DCOM, WINS, Workstation Service Buffer Overrun and Buffer Overrun in SQL Server 2000 Resolution Service vulnerabilities to spread across the Internet.
  • It can access computers that have SQL Server installed and whose SA (System Administrator) account password is blank.

However, due to some programming errors, Gaobot.GLV does not function properly on some Windows versions, which limits its propagation capabilities.

It is highly recommended to download the security patches for the LSASS, RPC DCOM, WINS, Workstation Service Buffer Overrun and Buffer Overrun in SQL Server 2000 Resolution Service vulnerabilities from the Microsoft website.

Technical details can be found at this Panda Software page.