Discovered: June 14, 2001
Updated: February 13, 2007 11:36:40 AM
Also Known As: W97M/Goga, Trojan.PSW.Gogga, DUNpws.ik.dr, Trojan/RTF.Goga, RTF.Goga.A.Dr1, Word97Macro/PSW.Gog.19456.A, Troj/Gogaru, W97M/Gogga.A
Type: Trojan Horse, Macro
W97M.Gogaru.A is a macro that drops a password-stealing Trojan onto the system. It is first downloaded from a Web site as an .rtf document.
This macro was originally found on a user home page on a Russian Web site, and it was intentionally placed there by the author. The macro contains instructions to create and execute two files in the root of the drive C: S.bat and S.exe.
Downloading a template file and executing the macros within it by using an .rtf document is an example of a disclosed and publicized exploit. Microsoft has a patch which addresses this vulnerability. For more information, go to:
http://www.microsoft.com/technet/security/bulletin/MS01-028.asp
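As a defensive check for the delivery method described above, the following added example (not part of the original writeup or any vendor tool) scans RTF content for an attached template and flags one that points at a remote location. It assumes the link is carried in the RTF `\template` destination, which the writeup does not spell out; the sample documents and host names are constructed.

```python
import re

# Assumption: the attached template is stored as {\*\template <path>};
# some writers omit the \* prefix, so both forms are accepted.
TEMPLATE_RE = re.compile(rb"\{\s*(?:\\\*\s*)?\\template[ \r\n]+([^{}]*)\}")
# Remote means a URL scheme (http://, ftp://, ...) or a UNC path (\\host\share).
REMOTE_RE = re.compile(r"^(?:[a-z][a-z0-9+.-]*://|\\\\)", re.IGNORECASE)


def _unescape_token(match):
    tok = match.group(1)
    # "\\" is an escaped backslash; "\'hh" is a hex-encoded byte.
    return tok if tok == b"\\" else bytes([int(tok[1:], 16)])


def unescape_rtf(raw: bytes) -> str:
    """Decode the RTF escapes that can hide a template path from a plain grep."""
    raw = raw.replace(b"\r", b"").replace(b"\n", b"")
    decoded = re.sub(rb"\\(\\|'[0-9a-fA-F]{2})", _unescape_token, raw)
    return decoded.decode("latin-1").strip()


def find_templates(data: bytes):
    """Return a list of (template_path, is_remote) found in RTF bytes."""
    results = []
    for match in TEMPLATE_RE.finditer(data):
        path = unescape_rtf(match.group(1))
        results.append((path, bool(REMOTE_RE.match(path))))
    return results


# Constructed samples: one remote template link, one ordinary local template.
SAMPLE_REMOTE = rb"{\rtf1\ansi{\*\template http://example.invalid/docs/letter.dot}\pard Hello\par}"
SAMPLE_LOCAL = rb"{\rtf1\ansi{\*\template C:\\Templates\\Normal.dot}\pard Hello\par}"

if __name__ == "__main__":
    for name, doc in (("remote", SAMPLE_REMOTE), ("local", SAMPLE_LOCAL)):
        for path, is_remote in find_templates(doc):
            verdict = "REMOTE TEMPLATE - review" if is_remote else "local template"
            print(f"{name}: {path} -> {verdict}")
```

A hit on a remote template is a reason to quarantine the document for review, not proof of infection; the pattern is a triage heuristic and does not replace a full RTF parser.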
Protection
- Initial Rapid Release version: June 14, 2001
- Latest Rapid Release version: July 12, 2008 revision 018
- Initial Daily Certified version: June 14, 2001
- Latest Daily Certified version: July 12, 2008 revision 019
- Initial Weekly Certified release date: pending
Threat Assessment
Wild
- Wild Level: Low
- Number of Infections: 0 - 49
- Number of Sites: 0 - 2
- Geographical Distribution: Low
- Threat Containment: Easy
- Removal: Easy
Damage
Distribution
Writeup By: Patrick Nolan