Posted by : Cebu Blogger Sunday, October 26, 2008

As we remember, Microsoft has released its Windows patch. But last Friday, security experts found a new worm which took advantage of the added patch; it is called Gimmiv.A. I was excited when I received this news, and as a result I did my own research; actually, I read this on a ThreatExpert blog.

Here is some of the information about this newly discovered pest.

1. Once this worm is downloaded onto a computer within a Local Area Network, it starts to infect other computers in the network neighborhood, but it will not go beyond that because of the network firewall.
2. After the worm is executed, it drops 3 files into the system directory: winbase.dll, basesvc.dll and syicon.dll.
3. It installs and starts a new service called BaseSvc, which forces svchost.exe to load winbase.dll (the ServiceDll parameter for BaseSvc). The service shows "Windows NT Baseline" as its display name.
4. After that, winbase.dll loads 2 DLLs: basesvc.dll and syicon.dll.
5. After that, the worm does the following:
   - collects system information from the infected computer
   - collects passwords from the Windows protected storage and the Outlook Express passwords cache
   - posts the collected details to a remote host
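
The artifacts in the list above (three DLL names, the BaseSvc service, its display name and its ServiceDll value) can be checked on a host with PowerShell. This is an added example, not part of the original post or the ThreatExpert write-up; the registry path is the standard Windows service location, which the post does not spell out, and the function name is made up for illustration.

```powershell
# Added example: look for the Gimmiv.A artifacts named in the post.
# Indicator values are from the post; the Services registry path is the
# standard Windows layout (an assumption, the post does not give it).
$serviceName  = 'BaseSvc'
$displayName  = 'Windows NT Baseline'
$droppedFiles = 'winbase.dll', 'basesvc.dll', 'syicon.dll'
$servicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Test-GimmivIndicators {   # hypothetical helper name
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. DLLs the post says are dropped into the system directory.
    #    A name match is a lead to investigate, not proof of infection.
    $sysDir = [Environment]::SystemDirectory
    foreach ($name in $droppedFiles) {
        $path = Join-Path $sysDir $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $item = Get-Item -LiteralPath $path -Force
            $findings.Add("file present: $path (created $($item.CreationTimeUtc.ToString('u')))")
        }
    }

    # 2. The BaseSvc service key and its display name.
    $svcKey = Join-Path $servicesRoot $serviceName
    if (Test-Path -LiteralPath $svcKey) {
        $findings.Add("service key present: $svcKey")
        $svc = Get-ItemProperty -LiteralPath $svcKey -ErrorAction SilentlyContinue
        if ($svc.DisplayName -eq $displayName) {
            $findings.Add("display name matches: $displayName")
        }
    }

    # 3. Any service whose ServiceDll (the DLL svchost.exe loads for it)
    #    has one of the dropped file names, whatever the service is called.
    Get-ChildItem -LiteralPath $servicesRoot -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty -LiteralPath "$($_.PSPath)\Parameters" -ErrorAction SilentlyContinue
        if ($p.ServiceDll -and ($droppedFiles -contains (Split-Path $p.ServiceDll -Leaf))) {
            $findings.Add("service $($_.PSChildName) loads $($p.ServiceDll)")
        }
    }
    return $findings
}

$hits = @(Test-GimmivIndicators)
if ($hits.Count -gt 0) {
    $hits | ForEach-Object { Write-Output "[!] $_" }
} else {
    Write-Output 'None of the artifacts listed in the post were found.'
}
```

Run it from an elevated prompt so the whole Services key is readable.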

Well, as of now, I do not have the potion for this threat. Good luck to us! ahehe
