Know Your Malware: GiftCom Removal

GiftCom is an Internet worm that spreads to other computers through unpatched security vulnerabilities and via instant messages sent through popular chat programs, including ICQ, AIM, MSN Messenger and Yahoo! Messenger. The parasite sends bogus messages containing links to malicious files to all the contacts in the victim's buddy list. Once the user follows such a link, GiftCom is silently downloaded and installed on the system. The worm comes with a rootkit that hides all harmful processes and files from most antivirus tools.

GiftCom's payload comprises several malicious functions. First, the worm disables some essential Windows components and terminates running antivirus and security-related programs. Then it runs a backdoor component, which provides the attacker with unauthorized remote access to the compromised computer. The intruder can log user keystrokes, set up a hidden FTP server, intercept network and Internet traffic, contact specified web resources and steal sensitive user information. GiftCom can also change the web browser's default home page and download a variant of the Sdbot worm. The threat automatically runs as a service on every Windows startup.

Linked by shanmuga Wednesday, 28th December 2005 12:15AM