Welcome to the Virus Encyclopedia of Panda Security.
Gibe.C is a worm that spreads via e-mail, through the peer-to-peer (P2P) file sharing program KaZaA, across shared network drives and via IRC and newsgroups.
When Gibe.C spreads via e-mail, it can reach the computer in a message with HTML format that perfectly imitates the style of Microsoft web pages, in order to trick the user into thinking that the attached file is a security patch, or it could also reach the computer in a message that simulates to be a failure in the delivery of an e-mail sent by the user.
In addition, Gibe.C attempts to exploit the iFrame and Incorrect MIME Header vulnerabilities. The attached file is automatically activated when the message is viewed through Outlook’s Preview Pane.
Gibe.C ends processes belonging to several antivirus programs, firewalls and system monitoring tools. This leaves the affected computer vulnerable to the attack of other viruses and worms.
Gibe.C disables the Windows Registry Editor. In addition, if Gibe.C does not find information in order to spread via e-mail, it displays a message that attempts to trick the user into giving confidential information, as e-mail address, mail account password, name of the mail server, etc.
Gibe.C is easy to recognize, as it can reach the computer in an e-mail message that has HTML format and perfectly imitates the style of Microsoft web pages, in order to trick the user into thinking that the attached file is a security patch:
When the attached file is run, a series of windows are displayed, which simulate the installation of the supposed patch. However, these screens actually cover up the actions that the worm is carrying out.Note: some variations have appeared, that display the following text in the message above:This will install Tiscali VideoChat UpdateRegardless of the option that the user chooses, the worm will activate and carry out its actions. If the user pushes the Yes button, it continues with the supposed installation process:
After a while, if Gibe.C does not find any information in order to spread via e-mail, it displays the following error message on screen, which attempts to trick the user into giving confidential information: