Gibe.C is a worm that spreads via e-mail, through the peer-to-peer (P2P) file sharing program KaZaA, across shared network drives and via IRC and newsgroups.
When Gibe.C spreads via e-mail, it can reach the computer in a message with HTML format that perfectly imitates the style of Microsoft web pages, in order to trick the user into thinking that the attached file is a security patch, or it could also reach the computer in a message that simulates to be a failure in the delivery of an e-mail sent by the user.
In addition, Gibe.C attempts to exploit the iFrame and Incorrect MIME Header vulnerabilities. The attached file is automatically activated when the message is viewed through Outlook’s Preview Pane.
Gibe.C ends processes belonging to several antivirus programs, firewalls and system monitoring tools. This leaves the affected computer vulnerable to the attack of other viruses and worms.
Gibe.C disables the Windows Registry Editor. In addition, if Gibe.C does not find information in order to spread via e-mail, it displays a message that attempts to trick the user into giving confidential information, as e-mail address, mail account password, name of the mail server, etc.