WORM_GAMARUE.LJG

Posted: June 12, 2013

Threat Metric

Threat Level: 2/10
Infected PCs: 31
First Seen: June 12, 2013
OS(es) Affected: Windows

The Gamarue family of worms has a new member: WORM_GAMARUE.LJG, a multiple-component PC threat that distributes itself through removable devices and drive-by-download attacks. WORM_GAMARUE.LJG's most consequential feature is its initial installation, which downloads components from the legitimate (but occasionally exploited) website SourceForge.net, a storage site for open source software. WORM_GAMARUE.LJG has also been confirmed to include the broad spyware and downloading functions that Gamarue worms are usually known for, and SpywareRemove.com malware experts categorize WORM_GAMARUE.LJG as a high-level threat. Deleting WORM_GAMARUE.LJG, including the copies that it places on removable devices, should usually be handled with a proper anti-malware application.

WORM_GAMARUE.LJG: the Invisible Worm with Connections to Places You Trust

While the Gamarue family includes some minor variants that differ in how they carry out their attacks, the basic means behind WORM_GAMARUE.LJG's distribution, as well as its payloads, are still the same as usual. WORM_GAMARUE.LJG and other worms, both inside and outside the Gamarue family, are noted foremost for their ability to copy themselves onto removable devices (most commonly USB flash drives, but also other storage devices, such as DVDs) and then infect other computers that use these devices. SpywareRemove.com malware analysts stress that the self-copying nature of WORM_GAMARUE.LJG makes it important to include any potentially compromised devices in your anti-malware scans against a WORM_GAMARUE.LJG infection.

WORM_GAMARUE.LJG also includes several major components, many of which are downloaded from SourceForge. Based on the dates of these files' presence on SourceForge, WORM_GAMARUE.LJG's attack campaign appears to have been launched very early in June of 2013. However, SpywareRemove.com malware researchers have identified other variants of Gamarue that have been in the wild for far longer than WORM_GAMARUE.LJG, such as Worm:Win32/Gamarue.I and Trojan.Gamarue.E.

Even if you're not exposed to any devices infected by WORM_GAMARUE.LJG, your PC can still be compromised through WORM_GAMARUE.LJG's other distribution method: drive-by-downloads from the Blackhole Exploit Kit. Such attacks are hosted on hostile or hacked websites, and can automatically install WORM_GAMARUE.LJG (and other high-level threats SpywareRemove.com malware experts have become familiar with, such as Trojan Zeus).

Shutting Down WORM_GAMARUE.LJG's Info-Stealing Pipeline

WORM_GAMARUE.LJG and other Gamarue-based worms always include two major forms of attack:

  • The ability to install other malware without your permission (a function that WORM_GAMARUE.LJG even uses to install some of its default components).
  • Spyware attacks that attempt to steal personal and profitable information, such as account logins, e-mail addresses and passwords.

Any computer compromised by WORM_GAMARUE.LJG should be isolated from removable drives that could be infected by WORM_GAMARUE.LJG. Afterward, anti-malware programs can be used to remove all copies of WORM_GAMARUE.LJG and its various files (and anything else that WORM_GAMARUE.LJG might have installed). SpywareRemove.com malware researchers also suggest taking some extra steps to secure any information that may have been leaked through WORM_GAMARUE.LJG, such as information for logging in to various online accounts.