You are here: silicon.com > Resources > White Papers

White Papers

W32/GOP-A / W32.HLLW.GOP / IMEKERNEL32

Tags:
email,
worm,
exe,
gop

Overview Date: Fri, 4 Jan 2002 17:57:39 (GMT)

Name: W32/GOP-A

Aliases: W32.HLLW.GOP

Type: Win32 worm

Description: W32/GOP-A is a password stealing email-aware Windows 32 worm.

The worm typically arrives as an email attachment with a double extension (for instance, .txt.exe, .jpg.exe or .doc.exe) in an attempt to disguise that it is an executable file.

When the attachment is launched, it creates the files IMEKernel32.sys and kernelsys32.exe in the Windows system folder. It also adds the registry value IMEKERNEL32 to
HKLM\Software\Microsoft\Windows\CurrentVersion\Run.

The worm attempts to spread via email and to steal ICQ passwords.

Click through to view the alert text for disinfection information.

Further White Paper Details
Publisher	Sophos	File Format	HTML
Date Published	January 2002
Format	White Papers
Topics	N/A

Did you find this white paper useful?

Delivering Information in Real Time

Publisher:
IBM

IDC reports on Novell's Secure Desktop Solution: A Modern-Day Marriage of Business Benefit and Risk Reduction

Publisher:
Novell

Green IT: Reducing your Carbon Footprint with Citrix

Publisher:
Citrix Systems

A Day in a Low Carbon Life 2012

Publisher:
IBM

Does 802.11n deliver better wireless services for Enterprises?

Publisher:
Siemens

Virus warning: The bad Doctor is in

Anti-virus vendor Panda said the virus, thought to have originated from Israel, extends the infected computer's .exe.com.and .sys file names to corrupt these files. The W32/dotor.A virus is masquerading as an anti-virus fix for macro viruses and it...

Channel:
Security Strategy

Worm warning: Another little wriggler plagues Kazaa

The first time that Duload is run, it copies itself to the Windows system directory under the name "Systemconfig.exe", and edits the system registry so that it is automatically run whenever Windows is loaded.

Channel:
Security Strategy

Bugbear worm - how it works

When run, Bugbear adds itself to the System subdirectory of the Windows folder as four random letters followed by .exe (for example, windows\System\zayb.exe). Finally, it adds itself to the Startup folder as three random letters followed by .exe...

Channel:
Security Strategy

Virus alerts: Malware in waiting for post-xmas chaos

The worm infects all .exe files in the My Documents and C:\progra~1\mirc folders. The worm arrives in an email with the subject line, "Merry Christmas! When executed, the file becomes resident in memory and sends messages to other MSN Messenger...

Channel:
Security Strategy

Password-stealing Dumaru worm on the loose

It comes with an attachment called myphoto.zip, which contains an executable file. Because the virus includes a zipped attachment, rather than an executable one, it is more likely to penetrate a network security system that has been set up to repel...

Channel:
Security Strategy

Virus warning: Netsky appears as Bagle spreads

While this is hardly rocket science, it is still more deceptive than the obvious .exe extension. F-Secure, Sophos and MessageLabs all upgraded Bagle.B to their highest alert level overnight, after the worm started to spread yesterday.

Virtualisation: Architectual Considerations and other Evaluation Criteria

In the past several years, server virtualisation technology has moved quickly and firmly into the IT mainstream. Of the many approaches to system virtualisation available in the market today, VMware's hypervisor architecture has gained the greatest market acceptance. This paper examines the architectural issues, solution support, and enterprise readiness required when deploying such a virtualisation solution.

Publisher:
EMC

Getting Started with Master Data Management

Master data management forms part of an overall enterprise governance program that aims to establish trusted data throughout the enterprise. This white paper from Mike Ferguson of Intelligent Business Strategies defines master data, examines why it is needed, and explores methodologies for implementing master data management.

Publisher:
DataFlux

Optimising Storage with Global File Virtualisation

This white paper will provide an overview on how Rainfinity Global File Virtualisation virtualises unstructured data environments and moves data -including active, open files-without disruption to users or applications. Rainfinity is the only enterprise-class file virtualisation solution, and delivers complete NAS optimisation across geterogeneous environments, such as NAS, CAS, and file servers.

Publisher:
EMC

Also on silicon.com

Site Navigation:

White Papers

W32/GOP-A / W32.HLLW.GOP / IMEKERNEL32

Quick Sitemap Links:

About Us

Search

Blogs

Verticals

Advertising Features

CNET Networks in Europe

CNET Networks in the United States

CNET Networks in Asia Pacific