Gael/Tenga - New Parasitic CIH-like File Infector
Kaspersky Labs documents the first return of a classical parasitic file infector virus in about two years. Like the CIH virus, it will attempt to infect as many EXE files as possible on the PC, plus download secondary viruses which can spread rapidly throughout an unpatched network. A single PC can have hundreds or even thousands of copies of this virus as it self replicates on the PC.
Kaspersky Labs - Analyst's Commentary
Kaspersky Labs - Tenga.A Description
McAfee - Gael Description
Symantec - Licum Description
Trend - Tenga.A Description
Tenga is a good old classic virus, where the main goal is to self-replicate as much as possible. Once your machine is infected, you can end up with hundreds of infected files, all of which will then attempt to download Trojan-Downloader.Win32.Small.bdc
When run, the worm infects .EXE files on the local system, appending itself to host files. 10 threads are created to search for infectable computers on the Internet, SYN packets are sent to random IP addresses on TCP 139 (netbios). The worm then attempts to connect to responding systems via the IPC$ and open shares to parasitically infect files remotely.