Gaggle-B worm is making a home in Outlook Express

Discussion in 'malware problems & news' started by bigc73542, Jan 22, 2004.

Thread Status:
Not open for further replies.
  1. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Wednesday 21st January 2004       


    Gaggle-B worm is making a home in Outlook Express
    [PC Pro] 18:40

    A Spanish virus with antivirus disabling capabilities is on the Net.

    VBS/Gaggle-B is an email worm that harvests emails on the infected computer
    and sends itself on to them while creating an entry in the Registry to store
    information about successfully sent emails. Additionally, it sets Outlook
    Express to use an infected template so that all mail sent through the client
    will carry the worm.

    It also attempts to spread through IRC channels, such as instant messaging
    services.

    It tries to disable and delete antivirus products and system tools such as
    RegEdit by creating the file AngeldelMar.html. It searches out VBS or VBE
    files on local or remote drives and overwrites them and changes the
    filenames and extensions of other files found, such as HTML. It also points
    the IE homepage to http://www.gratisweb.com/machinedramon1/sachiel.scr.

    Gaggle uses a variety of subject, message and attachment names, in Spanish.
    And if the sum of the day of the month and the month of the year is equal to
    27, a dialog box displaying text will also appear in Spanish.
     
  2. NeonWizard

    NeonWizard Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    64
    Location:
    Vancouver, Canada
    Damn worms, they get smarter and smarter every day.
     
  3. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Do you think we might get lucky and all of the malware writers just quit? Nah, never happen. Let's just hope that the AV, AT, and antiworm techs keep ahead of the bad guys. ;)
     