Kevine Fetter message "new satellite launch" contains a virus.

From: Quin (
Date: Fri Jul 18 2003 - 13:41:12 EDT

  • Next message: Ted Molczan: "ADMIN RE: Kevine Fetter message "new satellite launch" contains a virus."

    The Kevin Fetter message "new satellite launch" contained a nasty.
    The Symantic product on my machine indicated the "wqNHwomwl.exe" contained
    the W32.Gibe.b@mm which was in the message.
    W32.Gibe.B@mm is a variant of W32.Gibe@mm. This mass-mailing worm uses
    Microsoft Outlook and its own SMTP engine to send itself to all the contacts
    in the Microsoft Outlook Address Book and the Windows Address Book. The
    email is disguised as a Microsoft Security Update and it arrives with an
    attachment that has a .exe or .zip file extension.
    W32.Gibe.B@mm copies itself as WebLoader.exe to the startup folder of all
    the mapped remote drives. This worm also attempts to spread through the
    KaZaA file-sharing network and Internet Relay Chat (IRC). W32.Gibe.B@mm may
    send itself to some news groups whose URLs are carried by the worm.
    This threat is written in the Microsoft Visual Basic programming language.
    NOTE: Virus definitions dated on February 25, 2003 may detect this threat as
    Also Known As: WORM_GIBE.B [Trend], W32/Gibe.b@mm [McAfee], W32/Gibe-D
    [Sophos], I-Worm.Gibe.b [KAV], Win32.Gibe.B [CA]
    Type: Worm
    Infection Length: 155,648 bytes
    Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows
    XP, Windows Me
    Systems Not Affected: Macintosh, OS/2, UNIX, Linux
    CVE References: CVE-2001-0154
    To unsubscribe from SeeSat-L, send a message with 'unsubscribe'
    in the SUBJECT to
    List archived at

    This archive was generated by hypermail 2b29 : Fri Jul 18 2003 - 13:46:40 EDT