Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Gael/Tenga - New Parasitic CIH-like File Infector

Kaspersky Labs documents the first return of a classical parasitic file infector virus in about two years. Like the CIH virus, it will attempt to infect as many EXE files as possible on the PC, plus download secondary viruses which can spread rapidly throughout an unpatched network. A single PC can have hundreds or even thousands of copies of this virus as it self-replicates on the PC.

Kaspersky Labs - Analyst's Commentary

Kaspersky Labs - Tenga.A Description

McAfee - Gael Description 

Symantec - Licum Description

Trend - Tenga.A Description

Tenga is a good old classic virus, where the main goal is to self-replicate as much as possible. Once your machine is infected, you can end up with hundreds of infected files, all of which will then attempt to download Trojan-Downloader.Win32.Small.bdc

When run, the worm infects .EXE files on the local system, appending itself to host files. 10 threads are created to search for infectable computers on the Internet; SYN packets are sent to random IP addresses on TCP 139 (NetBIOS). The worm then attempts to connect to responding systems via the IPC$ and open shares to parasitically infect files remotely.
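One way to flag the scanning behaviour described above (SYN packets to many random addresses on TCP 139) from connection logs, added here as an example and not taken from any of the vendor descriptions. The record format, the thresholds and the internal address ranges are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict, deque

# Assumed tuning values and internal ranges; adjust to the monitored network.
WINDOW_SECONDS = 60
DISTINCT_THRESHOLD = 20
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def find_netbios_scanners(lines, window=WINDOW_SECONDS,
                          threshold=DISTINCT_THRESHOLD):
    """Return {source: peak count of distinct external TCP/139 SYN targets
    inside one window} for every source that reaches the threshold."""
    recent = defaultdict(deque)  # source -> (timestamp, destination) pairs
    flagged = {}
    for line in lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # skip blank or malformed records
        ts, src, dst, dport, flags = fields
        ts, dst = int(ts), ipaddress.ip_address(dst)
        # Keep only bare SYNs to TCP 139 that leave the internal ranges.
        if dport != "139" or flags != "S" or is_internal(dst):
            continue
        q = recent[src]
        q.append((ts, dst))
        while q[0][0] <= ts - window:  # expire entries older than the window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= threshold:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

def build_sample():
    """Constructed records: 'epoch_seconds src dst dport tcp_flags'."""
    lines = []
    for i in range(30):
        t = 1000 + i
        lines.append(f"{t} 10.0.0.5 198.51.100.{i + 1} 139 S")  # scanner-like
        lines.append(f"{t} 10.0.0.9 10.0.0.2 139 S")            # file-share client
        lines.append(f"{t} 10.0.0.7 203.0.113.{i + 1} 443 S")   # web traffic
    return lines

if __name__ == "__main__":
    for src, n in find_netbios_scanners(build_sample()).items():
        print(f"{src}: SYNs to {n} distinct external hosts on TCP 139")
```

The function expects records in time order; a host that talks to one internal file server on TCP 139 is ignored, while a host fanning out to many external addresses on that port is reported.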