VILLA21
1
The latest Gibe worm virus (also known as Swen-A) is programmed to disable a host of security features on Microsoft Windows PCs, including personal firewalls, anti-virus, system monitoring tools and the Registry Editor.
The worm can spread via multiple mechanisms, including email, Peer-to-Peer networks like KaZaA, Internet Relay Chat (IRC) and local network shares. In the case of email, the message normally looks like a Microsoft web page, in order to trick the user into believing that the attachment is a security patch. However, if the user has the Preview Pane configured then the attachment will be automatically executed as soon as the email is viewed(Ohh, Gosh!
). Alternatively the email can appear as a delivery failure notification.
Lessons:
* Configure Outlook not to use a Preview Pane.
* Use a proper firewall such as Corporate Server(Linux Box ?) rather than personal firewalls that can so easily be disabled.
The worm can spread via multiple mechanisms, including email, Peer-to-Peer networks like KaZaA, Internet Relay Chat (IRC) and local network shares. In the case of email, the message normally looks like a Microsoft web page, in order to trick the user into believing that the attachment is a security patch. However, if the user has the Preview Pane configured then the attachment will be automatically executed as soon as the email is viewed(Ohh, Gosh!
). Alternatively the email can appear as a delivery failure notification.Lessons:
* Configure Outlook not to use a Preview Pane.
* Use a proper firewall such as Corporate Server(Linux Box ?) rather than personal firewalls that can so easily be disabled.
