TSPY_GIMMIV.A

TrendLabs Malware Blog

Glossary

TrendWatch

TrendLabs Twitter

TSPY_GIMMIV.A

Overview

Solution

Technical Details

QUICK LINKS	Download the latest scan engine

Type: Spyware

In the wild: No

Destructive: No

Language: English

Systems affected: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:		Low

Reported detections:		Low
System impact:		High
Information exposure:		High

Description:

To get a one-glance comprehensive view of the behavior of this spyware, refer to the Behavior Diagram shown below.

TSPY_GIMMIV.A Behavior Diagram

Spyware Overview

This spyware may be downloaded by WORM_GIMMIV.A using exploits of a discovered zero-day vulnerability in certain Microsoft operating systems. More information on this vulnerability can be found on the following page:

(MS08-067) Vulnerability in Server Service Could Allow Remote Code Execution (958644)

This spyware drops a component file also detected as TSPY_GIMMIV.A. It also connects to Web sites to download files detected as WORM_GIMMIV.A.

This spyware gathers certain information on the affected system. It then encrypts the gathered information and saves it in a file. It then sends the gathered information to a remote location using HTTP POST.

For additional information about this threat, see:
Solution
Technical Details

Description created: Oct 25, 2008

Revision history:
Nov 14, 2008 - Complete Malware Report

Tell us how we did. Take our quick survey.