W32.Gibe.B@mm is a variant of W32.Gibe@mm. This mass-mailing worm uses Microsoft Outlook and its own SMTP engine to send itself to all contacts in Outlook Address Book and Windows Address Book. The email is disguised as a Microsoft Security Update and will arrive with an attachment that has a .exe or .zip file extension. It copies itself to the startup folder of all mapped remote drives as WebLoader.exe. It attempts to spread through KaZaA file-sharing network and Internet Relay Chat (IRC). The worm may send itself to some Newsgroups whose URLs are carried by the worm.
This threat is written in the Microsoft Visual Basic programming language.
NOTE: Virus definitions dated February 25, 2003 may detect this as W32.Gibe@mm.
Also Known As: WORM_GIBE.B [Trend], W32/Gibe.b@mm [McAfee], W32/Gibe-D [Sophos], I-Worm.Gibe.b [KAV]
Infection Length: 155,648 bytes
Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
Systems Not Affected: Macintosh, OS/2, UNIX, Linux