Hope that this is stamped out, but be careful with that E-mail!!
W32.Gruel@mm
Discovered on: July 13, 2003
Last Updated on: July 16, 2003 09:38:26 AM
W32.Gruel@mm is a worm that spreads by email and file-sharing networks. Its payload includes changing user passwords, hiding drive C, and making numerous changes to the system registry.
The email has the following characteristics:
Subject: Microsoft Windows Critical Update.
Attachment: Windows Critical Update 088562.exe
or
Subject: Symantec: New serious virus found
Attachment: Symantec_Norton_Tool.exe
or
Subject: Microsoft Windows Critical Update
Attachment: AntiVirus_Patch.exe
Also Known As: W32/Gruel-A [Sophos], W32/Fakerr@MM [McAfee], Win32.Gruel [CA]
Type: Worm
Infection Length: 102,400 bytes
Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
Systems Not Affected: Windows 3.x, Microsoft IIS, Macintosh, OS/2, UNIX, Linux
Wild:
Number of infections: 0 - 49
Number of sites: 0 - 2
Geographical distribution: Low
Threat containment: Easy
Removal: Difficult
Damage
Payload:
Large scale e-mailing: Mass mailing to all the names in the Outlook Address book.
Deletes files: Deletes system files.
Degrades performance: Opens multiple Control Panel windows, which can cause the system to crash. "Hides" drive C from Windows. Changes access to executable files.
Compromises security settings: Has a random routine that forces the user to change passwords.
Distribution
Subject of email: Microsoft Windows Critical Update OR Symantec: New serious virus found
Name of attachment: Windows Critical Update 088562.exe OR Symantec_Norton_Tool.exe OR AntiVirus_Patch.exe
Size of attachment: 104,200 bytes
Shared drives: Attempts to spread through file-sharing networks.
More info, and specific symptoms here:
http://securityresponse.symantec.com/avcenter/venc/data/w32.gruel@mm.html
Note this--bastids!
Symantec Security Response has received reports that email messages, which falsely claim to have been sent by Symantec, have been sent to numerous email addresses.
These messages may contain an attached file that the message claims is a removal tool for W32.Gruel@mm. There is currently no such tool, and the message is not from Symantec. Symantec never sends unsolicited removal tools by email.
If you receive this or a similar message, delete the message without opening the attached file.
The text of the false message is:
From: "Symantec Corporation"<security@symantec.com>
Subject: Symantec: New Serious Virus found.
Norton Security Response, has detected a new virus in the Internet. For this reason we made this tool attachement, to protect your computer from this serious virus. Due to the number of submissions received from customers, Symantec Security Response has upgraded this threat to a Category 5 (Maximum ).
Prevention, using the W32.Gruel@mm Tool:
To prevent or remove W32.W32.Gruel@mm , apply this attachment tool as quickly as possible. This is the easiest way to remove/prevent this threat...
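
A mail-gateway style check for the indicators listed in the advisory above, as an added example that is not part of the original post or of Symantec's write-up. The function names, the reason labels and the sample message are assumptions made for illustration; the subjects, attachment names and attachment size come from the advisory text.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators taken from the advisory text above (compared case-insensitively).
SUBJECTS = {"microsoft windows critical update",
            "symantec: new serious virus found"}
ATTACHMENTS = {"windows critical update 088562.exe",
               "symantec_norton_tool.exe", "antivirus_patch.exe"}
ATTACHMENT_SIZE = 104_200  # "Size of attachment" field in the advisory

def norm(text):
    """Lower-case, collapse whitespace, drop the optional trailing period."""
    return " ".join((text or "").lower().split()).rstrip(".")

def check_message(raw: bytes) -> list:
    """Return the reasons a raw RFC 5322 message matches the advisory."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if norm(msg["Subject"]) in SUBJECTS:
        reasons.append("subject")
    for part in msg.iter_attachments():
        name = norm(part.get_filename())
        if name in ATTACHMENTS:
            reasons.append("attachment-name")
        if name.endswith(".exe"):
            # Executable attachment: worth flagging even if renamed.
            reasons.append("exe-attachment")
            payload = part.get_payload(decode=True) or b""
            if len(payload) == ATTACHMENT_SIZE:
                reasons.append("attachment-size")
    return reasons

def build_sample(subject, filename, size):
    """Constructed test message; the attachment is zero bytes, not malware."""
    m = EmailMessage()
    m["From"] = '"Symantec Corporation" <security@symantec.com>'
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("constructed sample body")
    m.add_attachment(bytes(size), maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    hit = build_sample("Symantec: New Serious Virus found.",
                       "Symantec_Norton_Tool.exe", ATTACHMENT_SIZE)
    print(check_message(hit))
```

The subject and file name are easy for a sender to change, so the `exe-attachment` reason is reported on its own as well; the size match is only corroboration.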