1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

New Worm Poses as Microsoft Patch

Discussion in 'Virus & Other Malware Removal' started by ladyjeweler, Jul 21, 2003.

Thread Status:
Not open for further replies.
  1. ladyjeweler

    ladyjeweler Thread Starter

    Sep 25, 2002
    New Worm Poses as Microsoft Patch

    'Gruel' also impersonates Symantec tool, lifts Outlook addresses.

    Paul Roberts, IDG News Service
    Wednesday, July 16, 2003

    Antivirus company TruSecure is warning users about a new e-mail worm that is beginning to spread on the Internet and over the Kazaa peer-to-peer network.

    The new worm, dubbed Gruel, is a mass-mailing worm that masquerades as a Windows software patch from Microsoft and as a virus-removal tool from Symantec, according to an alert from TruSecure.

    Familiar Attack
    Like other mass-mailing worms, Gruel spreads by stealing e-mail addresses from an infected computer's Microsoft Outlook address book and mailing copies of itself to those addresses, TruSecure representatives say.

    The worm deletes files from machines it infects and copies itself into various locations. It particularly targets and infests folders used by the Kazaa file-sharing network, enabling it to spread on that network as well, according to TruSecure.

    The antivirus company received word of five infections and fielded around 20 calls from users who have received e-mail messages containing the virus, according to Bruce Hughes, content security lab manager at TruSecure.

    While the number of infections is still low, Gruel has a number of characteristics that have allowed other worms to successfully spread in recent months, Hughes says.

    In addition to its clever use of so-called "social engineering" tricks such as using the names of Microsoft and Symantec to fool recipients, the coupling of mass-mailing techniques and features to spread over peer-to-peer networks makes Gruel more dangerous, Hughes says.

    Homes Vulnerable
    Unlike other worms, however, Gruel does not spread over shared folders on local area networks, he says.

    Most organizations have antivirus software that will block or quarantine the executable attachment containing the Gruel virus, Hughes notes. However, he expects that home users without such protections will bear the brunt of the new worm.

    In the coming hours and days, infections on those home systems may bombard corporate mail gateways with infected messages as well, Hughes says.

    The company currently has the new worm on "watch," he says.

  2. starman2002


    Jul 10, 2003
    Thanks for the info ladyjeweler.Much appreciated.
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/148737

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice