Welcome to the Virus Encyclopedia of Panda Security.
|Effects: ||It reaches computers in an e-mail message that can sometimes refer to the 2nd Gulf war against Iraq. It infects PE files and creates a dropper type file in infected computers.|
|First detected on:||March 17, 2003|
|Detection updated on:||June 7, 2006|
|Yes, using TruPrevent Technologies
Ganda.A is a worm that reaches computers in an e-mail message that can sometimes refer to the 2nd Gulf war against Iraq, which includes an attached file that contains the worm's code.
Ganda.A infects PE files, by copying part of its code to them. It also creates a dropper type file in affected computers and ends processes belonging to certain antivirus and firewall programs, if they are active.
Some of the messages carrying Ganda.A use the vulnerability exploit called Exploit/Iframe to carry out infection. As a result, the computer will be infected when the user simply views the message carrying the worm through Outlook's Preview Pane.
Once it has infected a computer, Ganda.A sends itself out to all the contacts in the Window's Address Book, to the addresses it finds in files with an EML, HTM and DBX extension and to the addresses in the Internet cache.
Ganda.A is difficult to recognize, as it does not display any warnings or messages that indicate that it has infected a computer.