Datamation Logo

‘Goner’ E-mail Worm Rated Highest Risk

December 4, 2001
Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

A brand new worm slithering through the Web is getting passed by Microsoft Outlook home and businesses users and is so bad it has the potential of wiping out complete files.

Anti-virus experts at McAfee.com (NASDAQ:MCAF) identified the worm early Tuesday morning and have named it “Goner” after its identification string W32/Goner@MM. The company assessed the virus as a HIGH risk – it’s most serious rating.

Compared to other well known computer infections such as NIMDA, Code Red, Melissa and ILOVEYOU, McAfee says this is pretty serious stuff.

“Goner” Virus Resources

Here are some sites to go for up-to-date information on the virus.

McAfee, which offers virus description, methods of infection and information for removal

Symantic
, which also offers technical information about the virus

“To coin a phrase from Star Trek – this is certainly an attempt to bring down the shields,” says McAfee Security Architect Sam Curry. “It has the potential to be as destructive as the others, but it’s still too early in the game and we won’t see the full impact of this worm for some time. Unlike the Anna Kournikova virus that did one thing, this one is a hybrid virus that does a few things like deleting firewall and anti-virus files.”

Curry says that like many other e-mail-based infections, the worm is expected to spread further at the times when people are checking their e-mail – early in the morning, at lunch and when they get home from work.

This mass-mailing worm attempts to send itself using Microsoft Outlook to all entries found in the Outlook Address book. It can also use the instant messaging platform ICQ to spread as well. The worm arrives in an e-mail message contains the subject “Hi” with a short message in the body.

How are you ?
When I saw this screen saver, I immediately thought about you
I am in a harry, I promise you will love it!

Sunnyvale, Calif.-based McAfee’s AVERT team says to the worm won’t activate until you open the attachment:

GONE.SCR.

The payload, if activated, can delete files from users’ computers. The “Goner” worm then e-mails itself to every e-mail address contained in the user’s address book.

Running this attachment infects the local system and not the network. When run, the worm displays a message box entitled; “About” and after a short time another window entitled “Error” is displayed.

The worm then copies itself into SYSTEM32 in the %WinDir% folder and adds the following registry key in order to get started upon boot:

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersion
RunC:%WINDIR%SYSTEM32gone.scr=C:%WINDIR%SYSTEM32gone.scr

The new “Goner” worm comes quickly on the heels of the recent “Badtrans” Internet worm variant.

Both viruses affect users of Microsoft Outlook, although the “Goner” worm appears to target various firewall and anti-virus files for deletion.

And because of the multi-layered aspects of the worm, Curry suspects that this is more the work of crackers than of regular hackers.

This story first appeared on Siliconvalley.internet.com, an internet.com site.

  SEE ALL
ARTICLES
 

Subscribe to Data Insider

Learn the latest news and best practices about data science, big data analytics, artificial intelligence, data security, and more.

Datamation Logo

Datamation is the leading industry resource for B2B data professionals and technology buyers. Datamation's focus is on providing insight into the latest trends and innovation in AI, data security, big data, and more, along with in-depth product recommendations and comparisons. More than 1.7M users gain insight and guidance from Datamation every year.

Advertisers

Advertise with TechnologyAdvice on Datamation and our other data and technology-focused platforms.

Advertise with Us

Our Brands


Privacy Policy Terms & Conditions About Contact Advertise California - Do Not Sell My Information

Property of TechnologyAdvice.
© 2025 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.