The Latest in IT Security

MSRT January 2013 – Ganelp

09 Jan 2013

To start the new year, we have added the Win32/Ganelp and Win32/Lefgroo families of worms to the January release of the Malicious Software Removal Tool.

Win32/Ganelp spreads via removable drives, uploads stolen information and downloads arbitrary files from remote FTP servers.

We have had detection signatures for this family for approximately 2 years and it continues to be prevalent, as seen in Figure 1.

Figure 1: Ganelp monthly report volume January 2011 to December 2012.

What we understand about the Ganelp malware family is its malicious intent. Ganelp variants are usually distributed online as fake Java updates. They use a folder icon to mimic a directory, and they disguise copies of themselves with existing folder names found on the infected machine.
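
The folder-name disguise described above lends itself to a simple triage check on a removable drive. The following is an added example, not MMPC or MSRT code: it flags executables whose base name matches a folder in the same directory. The function names, the extension list, and the assumption that a disguised copy sits next to the folder it imitates are all illustrative and do not come from the original post.

```python
import os

# Assumption: extensions Windows runs directly; the page names none.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}


def is_pe(path):
    """True if the file starts with the DOS/PE 'MZ' magic."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False


def find_folder_masquerades(root):
    """Pair each executable with a same-named sibling folder (case-insensitive)."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        folders = {d.casefold(): d for d in dirnames}
        for name in filenames:
            stem, ext = os.path.splitext(name)
            match = folders.get(stem.casefold())
            full = os.path.join(dirpath, name)
            if match and ext.lower() in EXEC_EXTS and is_pe(full):
                hits.append((full, os.path.join(dirpath, match)))
    return sorted(hits)


def build_sample_drive(root):
    """Constructed sample tree standing in for a removable drive."""
    os.makedirs(os.path.join(root, "Photos", "2012"))
    os.makedirs(os.path.join(root, "Docs"))
    samples = {
        "photos.EXE": b"MZ\x90\x00",       # PE named after Photos: flagged
        "Photos/2012.scr": b"MZ\x90\x00",  # nested match: flagged
        "setup.exe": b"MZ\x90\x00",        # no folder of that name: ignored
        "Docs.txt": b"notes",              # not an executable type: ignored
        "Docs.exe": b"plain text",         # no MZ magic: ignored
    }
    for rel, data in samples.items():
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for exe, folder in find_folder_masquerades(root):
        print(f"suspicious: {exe} mimics folder {folder}")
```

A hit is a lead for further inspection, not a verdict: legitimate installers are sometimes named after the folder they ship in.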

For more details about this family of worms, please see the MMPC Encyclopedia description for Win32/Ganelp.

Jireh Sanico
MMPC
