GIBE Virus Poses As Microsoft E-Mail
The W32/GIBE worm that went into effect Wednesday seems to have done very little damage, even though the worm posed as a security update from Microsoft. The worm, known variously as W32/Gibe@mm, WORM_GIBE.A, or W32/Gibe-A, is hidden within a "Q216309.exe" attachment in an email message from the "Microsoft Corporation Security Center". The email does not originate from Microsoft. The worm installs a back-door Trojan application and attempts to replicate itself through Microsoft Outlook.
As of Friday, Symantec Corp. had found only three sites that had been infected by the virus, and ranked its geographic distribution as "low". MessageLabs.com ranked the GIBE worm ninth among all active viruses for the last 24 hours, well below the SirCam.A worm, which still ranks first among the most active worms.
The message the worm sends reads, in part: "Microsoft Customer, this is the latest version of security update, the update which eliminates all known security vulnerabilities affecting Internet Explorer and MS Outlook/Express as well as six new vulnerabilities." The email then advises the customer to open the "Q216309.exe" attachment to "fix" the security risks.