HP3000-L Archives

June 2003, Week 4

HP3000-L@RAVEN.UTC.EDU

Date: Fri, 27 Jun 2003 12:02:47 -0500

 Brice Yokem ([log in to unmask]) wrote:
: Jerry -
:
: What, exactly does the Gibe worm do, besides propagate itself?
:
That looks like the main thing it does, per the writeup:

   http://www.f-secure.com/v-descs/gibe_b.shtml
   F-Secure Computer Virus Information Pages: Gibe.B

  "...The worm tries to send infected messages through SMTP servers
   listed in its WMSynDx.bin file.

   The worm has some additional functionalities. It tries to access the
   'ww2.fce.vutbr.cz' website to increment some counter. This can be
   counter for infected computers. Also the worm runs the dropped
   MSBugAdv.exe file with 'suck' command line option.

   If the MSBugAdv file run without 'suck' command line, it tries to open
   Microsoft's website support section in default webbrowser. Otherwise
   the file remains active in Windows memory as a service process.

   To disinfect a system from Gibe worm it's enough to remove all
   infected files from a hard disk..."

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
