Brice Yokem ([log in to unmask]) wrote:
: Jerry -
:
: What, exactly does the Gibe worm do, besides propagate itself?
:
That looks like the main thing it does, per the writeup:
http://www.f-secure.com/v-descs/gibe_b.shtml
F-Secure Computer Virus Information Pages: Gibe.B
"...The worm tries to send infected messages through SMTP servers
listed in its WMSynDx.bin file.
The worm has some additional functionalities. It tries to access the
'ww2.fce.vutbr.cz' website to increment some counter. This can be
counter for infected computers. Also the worm runs the dropped
MSBugAdv.exe file with 'suck' command line option.
If the MSBugAdv file run without 'suck' command line, it tries to open
Microsoft's website support section in default webbrowser. Otherwise
the file remains active in Windows memory as a service process.
To disinfect a system from Gibe worm it's enough to remove all
infected files from a hard disk..."
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *