Virus name: Gibe (also known as W32/Gibe@mm, WORM_GIBE.A, and W32/Gibe-A).
Status: Real.
Example: [Collected on the Internet, 2002]
From: Microsoft Corporation Security Center
To: Microsoft Customer <'customer@yourdomain.com'>
Subject: Internet Security Update

Microsoft Customer, this is the latest version of security update, the Description of several well-know vulnerabilities:

- "Incorrect MIME Header Can Cause IE to Execute E-mail Attachment" vulnerability.
- CLSID extension vulnerability. Attachments which end with a CLSID file extension do not show the actual full extension of the file when saved and viewed with Windows Explorer. This allows dangerous file types to look as though they are simple, harmless files - such as JPG or WAV files - that do not need to be blocked.

System requirements:
How to install
How to use

For more information about these issues, read Microsoft Security Bulletin MS02-005, or visit link below.

Thank you for using Microsoft products.

With friendly greetings,
Origins: Given how used we are to seeing real security warnings about Microsoft Internet Explorer and Microsoft Outlook, it was only a matter of time before someone disguised a virus as one.
The message quoted above is not a real Microsoft security warning. The q216309.exe file attached to it is a worm which will, when executed, send mail to addresses found in Microsoft Outlook's address book (and addresses found in any locally stored .htm, .html, .asp, and .asp files) as well as installing a trojan horse which allows remote access to the infected system. (McAfee reports that "the worm was buggy, and did not successfully use Outlook to spread," however.)
See the links below for more information on how to detect and remove Gibe.
Additional Information:
W32.Gibe@mm (Symantec Security Response)
W32/Gibe@MM (McAfee Virus Information Library)
Bogus Microsoft Security Update E-Mail Is Actually a Virus (Associated Press)
Last updated: 27 January 2008