W32/Gibe-D

Category: Viruses and Spyware Protection available since:23 Apr 2003 00:00:00 (GMT)
Type: Win32 worm Last Updated:23 Apr 2003 00:00:00 (GMT)
Prevalence: No Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

W32/Gibe-D is a worm which spreads by sending out email and by making itself available for download via the KaZaA peer-to-peer file sharing system.

If you run an infected file, W32/Gibe-D pops up a dialog claiming to be a Microsoft security update. (Microsoft never send out security updates via email, and never publish security updates on peer-to-peer file sharing networks.)

W32/Gibe-D drops a number of files onto your hard disk. These include a file named DX3DRndr.exe (detected by this identity), which is a mailing program. W32/Gibe-D also makes copies of itself, including multiple copies in your KaZaA folder. These files may have a variey of names, including:

IEPatch.exe
KaZaA upload.exe
Porn.exe
Sex.exe
XboX Emulator.exe
PS2 Emulator.exe
XP update.exe
XXX Video.exe
Sick Joke.exe
Free XXX Pictures.exe
My naked sister.exe
Hallucinogenic Screensaver.exe
Cooking with Cannabis.exe
Magic Mushrooms Growing.exe
I-Worm_Gibe Cleaner.exe

If you have mIRC installed, W32/Gibe-D also creates a file called Script.ini in your mIRC folder. This script is detected as mIRC/Simp-Fam.

The characteristics of the emails sent by W32/Gibe-D are variable but typically the subject line and message text are as follows:

Subject line: FWD: See these security patch from Microsoft.
Message text:
"----- Original message follows -----

Microsoft User

this is the latest version of security update, the
"February 2003, Cumulative Patch" update which eliminates all
known security vulnerabilities affecting Internet Explorer,
Outlook and Outlook Express as well as five newly discovered
vulnerabilities. Install now to protect your computer from these
vulnerabilities, the most serious of which could allow an attacker to
run executable on your system. This update includes the functionality
of all previously released patches.

System requirements:
Win 9x/Me/2000/NT/XP

This update applies to:
Microsoft Internet Explorer, version 4.01 and later
Microsoft Outlook, version 8.00 and later
Microsoft Outlook Express, version 4.01 and later

Recommendation:
Customers should install the patch at the earliest opportunity.

How to install:
Run attached file. Click Yes on displayed dialog box.

How to use:
You don't need to do anything after installing this item.

Microsoft Technical Support is available at
http://support.microsoft.com/

For security-related information about Microsoft products,
please visit the Microsoft Security Advisor web site at
http://www.microsoft.com/security

Contact us at
http://www.microsoft.com/isapi/goregwiz.asp?target=/contactus/contactus.asp


Please do not reply to this message. It was sent from an unmonitored
e-mail address and we are unable to respond to any replies.

Thank you for using Microsoft products."

The attached file is usually called UPDATE???.EXE where ??? is a random three-digit number.

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy