Panda Software Warns About the New Gibe.C Worm

PandaLabs has detected the appearance of the C variant of the Gibe worm. This malicious code uses so-called social engineering to trick users, as it reaches computers in an e-mail message that passes itself off as a security patch for Microsoft Windows operating systems.

This message is in HTML format and perfectly imitates the style of Microsoft web pages. In order to gain credibility, the sender of the e-mail message displayed is ‘MS Technical Assistance’. The message also includes an attached file that actually contains the Gibe.C worm and can have different names, such as Q591362.EXE.

When the attached file is run, a series of windows are displayed, which simulate the installation of the supposed patch. However, these screens actually cover up the actions that the worm is carrying out. The actions carried out by this worm include inserting a large number of entries in the Windows Registry. Similarly, Gibe.C ends the processes of several antivirus and computer security programs, leaving computers at the mercy of hackers or other malicious code.

As well as e-mail, Gibe.C also uses KaZaA and the chat application IRC to spread.

In order to avoid falling victim to Gibe.C, Panda Software advises users to be extremely careful with e-mail messages received and to update their antivirus solutions immediately. The multinational antivirus manufacturer has already released the updates, which ensure their antivirus solutions detect and eliminate Gibe.C. Therefore, if your software is not configured to update automatically, you can do so from the company’s website at

Don't miss