W32.Gaga


Aliases: W32/Gaga.Worm
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Dormant
Spreading: Slow
Geographical info: Europe, North and South America, and some parts of Asia and Australia
Removal: Easy
Platform: W32
Discovered: 10 Oct 2002
Damage: Low

Characteristics: W32.Gaga is a virus that copies itself and is intended to multiply on floppy disks as well as on the hard drive of the compromised computer. Written in Microsoft Visual Basic (VB) programming language, it occasionally copies itself to the floppy. This virus uses filenames that are chosen randomly from its own list. All platforms of windows are vulnerable to this worm, may it be Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT and Windows XP. Once executed, Gaga displays a text enclosed in red shade sayong, “hi, gusto mo ba ng ka text mate ako na nga siguro hinahanap mo, heres my number 09164371861.” With its text written in Tagalog language, it is believed to be written by a Filipino or coming from the Philippines.

More details about W32.Gaga

This virus contains code that wipes all files in all writeable drives. Floppy discs are also bombarded with “NUDEBABES.SCR” files, these are copies of the worm. This nude file tries to execute a destructive file deletion payload. Another file that is very harmful to the system is the “GAGO.EXE.” It’s as destructive as the previous file. Aside from floppy discs, windows directory system folders are also filled up with “GAGO.EXE” files. The registry keys are also altered in order for the virus to run when Windows starts.

One leading cause of access of W32.Gaga virus in the system is through a program that has been downloaded from unrecognizable sites and on unknown sites. The W32.Gaga virus is composed of numerous accounts of infection that exactly fit a destruction goal. The infection rate maybe based, on how a computer system itself adopts with the flow of the virus commands. This application also passes through different access encoding method that expectedly depends on the spyware’s ability to dig a system.