Threat Center Threats Explained Threat Encyclopedia Threat Blog Security Tips Case Studies White Papers Newsletter Signup
 

Win32/Gnuman


Win32/Gnuman is 8192 bytes long worm and spreads by means of the system for exchange Gnutella files.  Gnutella is a peer-to-peer network representing a sort of alternative to Napster.  With regard to the fact that this worm requires certain amount of cooperation from the user and that Gnutella users have obviously higher level of computer knowledge the chances of large-scale spreading of the worm are rather small.  Upon being run the worm creates a hidden system file Gspot.exe in the system directory from which applications are run at the start of Windows.  That ensures its activation at each Windows start.  The worm attaches itself as a knot to the network.  In Gnutella a part of the data is formed by search questions and answers to them.  The worm answers each question positively, if someone is searching to find for example words "Harry up Harry“ the worm answers that it has the file "Harry up Harry.exe".  Length of such a file is always 8192 bytes and it is a copy of the worm.  If someone decides to download that file and executes it, the infection takes place. There is the following text in the worm body:

[Gspot 1ß] freely shared by mandragore/29



PROTECT YOUR COMPUTER!
ESETs NOD32 antivirus software provides comprehensive, easy-to-use, and affordable protection from todays and tomorrows threats. We put the malware expert inside the software, so you don’t have to become one.

DOWNLOAD ESET NOD32 ANTI VIRUS SOFTWARE

 

 
Top of Page Back One Page Print this Page