Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

Gibe worm is easy to avoid, says Sophos

  • 19 September, 2003 15:23

<p>Sophos Anti-Virus is warning of a new Windows worm, named W32/Gibe-F, which arrives as an email attachment masquerading as a security patch. The emails sent out by this worm include a message which is randomly constructed from a wide range of realistic-sounding phrases, so there is no fixed text to watch out for. But companies such as Microsoft never send out security patches by email, which makes the Gibe worm a dead giveaway.</p>
<p>If an infected attachment is opened, the Gibe worm starts to spread. It covers its tracks by producing just the sort of message you might expect from a security patch, such as "Microsoft Internet Update Pack – This update does not need to be installed on this system", or "This will install Microsoft Security Update. Do you wish to continue?".</p>
<p>In the background, however, Gibe searches your hard disk for email addresses and sends out a copy of itself to each of them. Gibe tries to switch off a range of security and anti-virus products – which may open you up to reinfection by older viruses against which you thought yourself safe.</p>
<p>Gibe also attempts to spread using peer-to-peer networking by copying itself to KaZaA shared folders. Here, it disguises itself with the sort of filename that has become typical amongst virus writers, implying it has something to do with porn, drugs, hacking and even virus cleanup.</p>
<p>Sophos has the following advice:</p>
<p>1. Never accept security updates which arrive as email attachments. (For that matter, don't blindly follow web links which arrive by email, either, especially if they take you directly to a software download).</p>
<p>2. If you have a mail server which can block attachments (such as Sophos's MailMonitor for SMTP), disallow the sending or receiving of attachments which contain programs. It is almost impossible to make a business case for using email to distribute programs, on account of the associated dangers.</p>
<p>3. Update your anti-virus software regularly so you can identify new worms and viruses effectively and accurately.</p>
<p>4. Emails which sound too strange to be true, or sound too good to be true, or are just too conveniently-timed to be true, probably aren't true. You don't need to be cynical or paranoid to exercise caution!</p>
<p>5. If you have peer-to-peer file sharing programs installed on your company's network, consider removing them. It is almost impossible to make a business case for unregulated file sharing across the internet, on account of the associated dangers.</p>
<p>6. Doing nothing about viruses and worms is not an option. Once infected by a worm like Gibe, your computer will try to send the worm to as many other potential victims as it can. Even if you don't care about your computer, be considerate of the effect that your carelessness might have on other internet users.</p>
<p>For further information about W32/Gibe-F, see:</p>
<p>For protection against W32/Gibe-F, see:</p>
Paul Ducklin ( is available for comment:
+61 407 320 515 (mobile)
+61 2 9409 9100 (tel)
+61 2 9409 9191 (fax)</p>
<p>Sophos's press contact at Gotley Nix Evans is:
Michael Henderson (
+61 2 9957 5555 (tel)
+61 413 054 738 (mobile)
+61 2 9957 5575 (fax)</p>

Most Popular