W32.Gammima


Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 21 Mar 2007
Damage: Low

Characteristics: W32.Gammima worm is known to propagate in all the connected removable media of the compromised computer. It runs through autorun.inf. It spreads by infecting removable storage drives. Thus, this worm automatically runs itself on the compromised computer every time the window starts. All platforms of windows are vulnerable to this worm, may it be Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT and Windows XP. It also has the capability of stealing information related to the MapleStory online game. This worm has the capability to block network related operation.

More details about W32.Gammima

It oversees and monitors all the drives connected to the infected computer. Since time immemorial, it is always good to remember to protect your computer by denying all incoming connections and allow only the services you trusted and really know. Passwords creation is also a key in protecting files and programs from viruses. Auto play facility in your computer should be disabled toprevent the automatic launching of executable files on network and removable drives. File sharing should also be turned off when not needed. Do not always install or turn on computer services that popped up in your screen. Reports also say that the worm monitors Internet Explorer and steals accounts and passwords to the MapleStory online game as well as the role and item information in the game.

It can also be destructive, having the ability to also download malware on the compromised computer. The stolen information is sent to the author through email and HTTP. File creation is also a characteristic of this worm as it copies itself in the compromised windows directory system folders with the file name “D563BA79B410.exe,” Shell.exe,” and “autorun.inf” on the removable drive. This autorun file is continuously copied or created as long there is a new removable drive inserted or connected to the infected computer. The W32.Gammima program can also disable security software installed in the system. It may search the hard drive for anti-malware program components. These may then be deleted. The registry entries of the applications may also be removed. This prevents the security software from launching at system startup. File-sharing programs may also disabled. The main payload of the W32.Gammima software is to corrupt files in the system.