Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)
Computer Emergency Response Team of Mauritius>Gate.Worm Infector Samples Found in the Wild

Gate.Worm Infector Samples Found in the Wild


A new version of the file infector Gate.Worm has been detected by security researchers and a few samples of the malware have been spotted in the wild. The Gate.Worm infector is similar to a variant of the parasitic virus “Obfuscated-FBU!hb” which was first seen in 2013 but with some differences. The old version implemented file extension checks to infect just the files they want. However, as per security researchers, the new variant infects every file on the current folder. The Gate.Worm creators also no longer implements the persistence mechanism via RUN key and it no longer implements file extensions checks to infect just certain files, instead the new variant infects every file on the current folder. The one addition is the IsDebuggerPresent check, commonly used to prevent the malware file from being debugged by researchers.
 
Source:
SC Magazine
 
Team Cymru
 
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
 
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis