INTERNET WORM SPREADS RAPIDLY
Virus Name : W32.Gibe.A@mm
Alias : I-Worm.Gibe.A,
Virus type : Internet
level : Medium
an Internet worm uses Microsoft Outlook and its own
SMTP engine to spread. The worm is 122880 bytes
long and the e-mail attachment name will be "Q216309.exe". Gibe worm sends fakes
email as it is an update coming from
this is the latest version of security
update, the update which eliminates all known
security vulnerabilities affecting Internet
Explorer and MS Outlook/Express as well as six
new vulnerabilities, and is discussed in
Microsoft Security Bulletin MS02-005. Install now
to protect your computer from these
vulnerabilities, the most serious of which could
allow an attacker to run code on your computer.
Description of several well-know
- "Incorrect MIME Header Can Cause IE
to Execute E-mail Attachment" vulnerability.
If a malicious user sends an affected HTML e-mail
or hosts an affected e-mail on a Web site, and a
user opens the e-mail or visits the Web site,
Internet Explorer automatically runs the
executable on the user's computer.
- A vulnerability that could allow an
unauthorized user to learn the location of cached
content on your computer. This could enable the
unauthorized user to launch compiled HTML Help
(.chm) files that contain shortcuts to
executables, thereby enabling the unauthorized
user to run the executables on your computer.
- A new variant of the "Frame Domain
Verification" vulnerability could enable a
malicious Web site operator to open two browser
windows, one in the Web site's domain and the
other on your local file system, and to pass
information from your computer to the Web site.
- CLSID extension vulnerability.
Attachments which end with a CLSID file extension
do not show the actual full extension of the file
when saved and viewed with Windows Explorer. This
allows dangerous file types to look as though
they are simple, harmless files - such as JPG or
WAV files - that do not need to be blocked.
Versions of Windows no earlier than Windows 95.
This update applies to:
Versions of Internet Explorer no earlier than
Versions of MS Outlook no earlier than 8.00
Versions of MS Outlook Express no earlier than
How to install
Run attached file q216309.exe
How to use
You don't need to do anything after installing
For more information about these issues,
read Microsoft Security Bulletin MS02-005, or
visit link below.
If you have some questions about this article
contact us at email@example.com
Thank you for using Microsoft products.
With friendly greetings,
MS Internet Security Center.
Microsoft is registered trademark of Microsoft
Windows and Outlook are trademarks of Microsoft
executed, the worm displays the following message
the user clicks "yes", the worm
displays the following message box. If the user
selects "No", the worm won't display
any message box. But it will install in the
the user tries to install second time, the worm
displays the following message box.
worm drops several components in the system. It
drops Q216309.exe, BcTool.exe,
WinNetw.exe, GfxAcc.exe, 02_N803.dat
directory and Vtnmsccd.dll in
the Windows System directory.
also creats creates the following registry keys
"3DfxAcc" = "\%WinDir%\GfxAcc.exe"
"LoadDBackUp" = "\%WinDir%\BcTool.exe"
"Installed" = "... by Begbie"
Finally, Gibe worm
e-mails the infected messages using the addresses
stored in 02_N803.dat. Gibe worm is also known
as W32.Gibe.A@mm, W32/Gibe-A, WORM_GIBE.A.
How can I protect my
Solo has incorporated
W32.Gibe.A@mm in its signature file to protect
users from this worm attack. Solo antivirus
registered users are already protected from this
worm. Make sure that you have installed
registered version of Solo Antivirus to protect
your system from all virus threats.
to remove this worm?
you are already infected with this worm, you can
remove it from your computer using Solo Antivirus
software. Solo antivirus can detect and
remove W32.Gibe.A@mm safely. Use the
following link to Download 30 day trial
version of Solo antivirus
remove viruses from your computer.
Solo anti-virus not only
scans for all viruses, it contains a unique System
Integrity Checker to protect you from
New Internet Worms, Backdoors and
malicious VB, Java Scripts. It also
effectively removes all existing Internet Worms,
File viruses, malicious VBS, Java scripts,
Trojans, Backdoors, boot sector, partition table
and macro viruses.
purchase Solo antivirus using the link