Gaggle-B worm is making a home in Outlook Express

Wednesday 21st January 2004       


Gaggle-B worm is making a home in Outlook Express
[PC Pro] 18:40

A Spanish virus with antivirus disabling capabilities is on the Net.

VBS/Gaggle-B is an email worm that harvests emails on the infected computer
and sends itself on to them while creating an entry in the Registry to store
information about successfully sent emails. Additionally, it sets Outlook
Express to use an infected template so that all mail sent through the client
will carry the worm.

It also attempts to spread through IRC channels, such as instant messaging
services.

It tries to disable and delete antivirus products and system tools such as
RegEdit by creating the file AngeldelMar.html. It searches out VBS or VBE
files on local or remote drives and overwrites them and changes the
filenames and extensions of other files found, such as HTML. It also points
the IE homepage to http://www.gratisweb.com/machinedramon1/sachiel.scr.

Gaggle uses a variety of subject, message and attachment names, in Spanish.
And if the sum of the day of the month and the month of the year is equal to
27, a dialog box displaying text will also appear in Spanish

 

Damn worms, they get smarter and smarter everyday.

 

Do you think we might get lucky and all of the malware writers just quit===== Nah never happen lets just hope that the av,at, and antiworm techs keep ahead of the bad guys.