W32/Gibe Last Updated 3/12/02 10:30am

A W32/Gibe is an mass emailing worm. The worm sends itself under the guise of being a Microsoft security update.

The worms arrives with the sender as:
Microsoft Corporation Security Center

The subject of the email is:
Internet Security Update

The message body is:
Microsoft Customer, this is the latest version of security update, the update which eliminates all known security vulnerabilities affecting Internet Explorer and MS Outlook/Express as well as six new vulnerabilities.
(The text proceeds to descibe the vulnerabilities and how to apply the patch)

The attachment is:
Q216309.exe

Opening the attachment installs the worm. The worm also installs a backdoor trojan that is detected as BackDoor-ABJ by VirusScan/Netshield using DAT 4189 and scan engine 4.1.60.

The worm is currently detected and removed by VirusScan/Netshield using Dat 4189 and scan engine 4.1.60 or higher. SuperDat 4191 will update Dat files to Dat 4191 and also update the scan engine to 4.1.60.

For more information see http://vil.nai.com/vil/content/v_99377.htm from NAI.

Do Not Open The Attachment!

This archive is not intended to be comprehensive. For a more complete virus library, please visit NAI's Virus Information Library at http://vil.nai.com.