29:
186:
system. Microsoft continuingly makes money by selling you the latest and greatest
Windows. The latest Windows version is always the most inefficient yet, slowing down your fast computer. Also, now you have to upgrade all your other software too because different Windows versions are not compatible with each other! A hidden cost not mentioned at all. It's part of the scam. Capitalism Sucks!, Communism Sucks. KILLERGUATE.
165:
dialog box, which the user cannot move or close and contains two buttons: "Send Error" and "Send and Close", if the user clicks on the "Send Error" button, the worm mass-mails itself to all the user's contacts and displays fictitious "technical details" about the supposed error report, which contains
185:
Your computer now is mine, Why? Because I didn't had nothing to do and I thought, why not make the evil? Remember NOW YOUR PC IS IN MY POWER! Windows Sucks! I can't stand it anymore! Windows has always sucked. Wake up people! It's a scam! You don't need a faster computer. You need a better operating
199:
by forcibly shutting the machine down by cutting the power, then turning the machine back on. Afterwards, the PC is completely unusable, as all .bat, .com, .exe, .ht, .hta, .pif and .scr files have been hooked to the virus itself – by attempting to run any of the programs, the worm is simply
166:
a Back button and a Close button. Clicking the Back button will return to the original error reporting box, whereas the Close button does not do anything. When the user presses "Send and Close", the worm will disable or terminate
365:
556:
391:
247:
486:
957:
444:
325:
299:
358:
273:
568:
496:
828:
667:
396:
386:
351:
460:
583:
563:
251:
178:
options, and then display a dialogue box that cannot be closed, which contains two buttons, "Retry" and "Cancel".
759:
833:
593:
1091:
900:
859:
608:
175:
162:
153:
The worm arrived as an attachment with various names in emails claiming to be a security update from either
926:
921:
512:
491:
209:
195:
After carrying out the above payload, the virus hangs the operating system, requiring users to perform a
916:
631:
952:
465:
28:
657:
723:
428:
161:, depending on the variant. When run, the worm installs itself to the system and displays a fake
749:
744:
781:
739:
641:
551:
481:
113:
636:
517:
573:
1040:
702:
682:
662:
652:
1066:
1009:
973:
769:
588:
158:
1085:
1030:
812:
677:
603:
167:
109:
1004:
775:
692:
687:
538:
171:
137:
125:
77:
1014:
978:
875:
697:
626:
546:
229:
181:
The text of the error message, riddled with grammatical errors, is as follows:
983:
598:
523:
422:
129:
121:
117:
81:
73:
69:
1056:
1035:
196:
154:
1061:
988:
947:
895:
807:
707:
578:
101:
880:
792:
343:
931:
672:
618:
885:
838:
133:
843:
200:
activated again and will release its primary payload once more.
347:
274:"'Gruel' worm poses as Microsoft patch and Symantec tool"
300:"Virus Alert: Several Variants of Gruel Worm Reported"
1049:
1023:
997:
966:
940:
909:
868:
852:
821:
800:
791:
758:
732:
716:
617:
537:
505:
474:
453:
437:
415:
408:
87:
65:
60:
52:
44:
21:
183:
359:
8:
797:
412:
366:
352:
344:
27:
445:Sony BMG copy protection rootkit scandal
221:
18:
7:
230:"Fakerr Description - F-Secure Labs"
112:first surfacing in 2003 targeting
36:Dialogue box displayed by the worm
14:
1:
776:Kaminsky DNS cache poisoning
520:(findings published in 2010)
1108:
250:. Symantec. Archived from
149:Arrival and initial launch
379:
40:
35:
26:
497:US military cyberattack
487:Cyberattacks on Georgia
461:Cyberattacks on Estonia
163:Windows Error Reporting
492:Sarah Palin email hack
210:List of computer worms
188:
100:, also referred to by
632:Jeanson James Ancheta
466:Operation: Bot Roast
374:Hacking in the 2000s
254:on February 5, 2007
429:Operation Firewall
278:ComputerWeekly.com
116:platforms such as
16:2003 computer worm
1079:
1078:
1075:
1074:
557:associated events
533:
532:
482:Project Chanology
403:
402:
191:Secondary payload
114:Microsoft Windows
95:
94:
61:Technical details
1099:
798:
649:str0ke (milw0rm)
518:Operation Aurora
413:
382:
381:
368:
361:
354:
345:
338:
337:
335:
333:
322:
316:
315:
313:
311:
296:
290:
289:
287:
285:
270:
264:
263:
261:
259:
244:
238:
237:
234:www.f-secure.com
226:
168:Windows Explorer
132:. It spread via
31:
19:
1107:
1106:
1102:
1101:
1100:
1098:
1097:
1096:
1082:
1081:
1080:
1071:
1045:
1019:
993:
962:
936:
905:
864:
848:
829:Anna Kournikova
817:
787:
762:
760:Vulnerabilities
754:
728:
712:
703:Dmitry Sklyarov
683:Albert Gonzalez
613:
529:
501:
470:
449:
433:
404:
375:
372:
342:
341:
331:
329:
324:
323:
319:
309:
307:
304:eSecurityPlanet
298:
297:
293:
283:
281:
272:
271:
267:
257:
255:
246:
245:
241:
228:
227:
223:
218:
206:
193:
151:
146:
17:
12:
11:
5:
1105:
1103:
1095:
1094:
1092:Computer worms
1084:
1083:
1077:
1076:
1073:
1072:
1070:
1069:
1064:
1059:
1053:
1051:
1047:
1046:
1044:
1043:
1038:
1033:
1027:
1025:
1021:
1020:
1018:
1017:
1015:Black Energy 1
1012:
1007:
1001:
999:
995:
994:
992:
991:
986:
981:
976:
970:
968:
964:
963:
961:
960:
955:
950:
944:
942:
938:
937:
935:
934:
929:
924:
919:
913:
911:
907:
906:
904:
903:
898:
893:
888:
883:
878:
872:
870:
866:
865:
863:
862:
856:
854:
850:
849:
847:
846:
841:
836:
831:
825:
823:
819:
818:
816:
815:
810:
804:
802:
795:
789:
788:
786:
785:
779:
773:
770:Shatter attack
766:
764:
756:
755:
753:
752:
747:
742:
736:
734:
733:Hacking forums
730:
729:
727:
726:
720:
718:
714:
713:
711:
710:
705:
700:
695:
690:
685:
680:
675:
670:
665:
660:
655:
650:
647:
644:
639:
634:
629:
623:
621:
615:
614:
612:
611:
606:
601:
596:
591:
589:PLA Unit 61398
586:
581:
576:
571:
566:
561:
560:
559:
549:
543:
541:
535:
534:
531:
530:
528:
527:
521:
515:
513:Operation Troy
509:
507:
503:
502:
500:
499:
494:
489:
484:
478:
476:
472:
471:
469:
468:
463:
457:
455:
451:
450:
448:
447:
441:
439:
435:
434:
432:
431:
426:
419:
417:
410:
406:
405:
401:
400:
394:
389:
380:
377:
376:
373:
371:
370:
363:
356:
348:
340:
339:
317:
306:. 18 July 2003
291:
280:. 17 July 2003
265:
248:"W32.Gruel@mm"
239:
220:
219:
217:
214:
213:
212:
205:
202:
192:
189:
150:
147:
145:
142:
93:
92:
89:
85:
84:
67:
63:
62:
58:
57:
54:
50:
49:
46:
42:
41:
38:
37:
33:
32:
24:
23:
15:
13:
10:
9:
6:
4:
3:
2:
1104:
1093:
1090:
1089:
1087:
1068:
1065:
1063:
1060:
1058:
1055:
1054:
1052:
1048:
1042:
1039:
1037:
1034:
1032:
1029:
1028:
1026:
1022:
1016:
1013:
1011:
1008:
1006:
1003:
1002:
1000:
996:
990:
987:
985:
982:
980:
977:
975:
972:
971:
969:
965:
959:
956:
954:
951:
949:
946:
945:
943:
939:
933:
930:
928:
925:
923:
920:
918:
915:
914:
912:
908:
902:
899:
897:
894:
892:
889:
887:
884:
882:
879:
877:
874:
873:
871:
867:
861:
858:
857:
855:
851:
845:
842:
840:
837:
835:
832:
830:
827:
826:
824:
820:
814:
811:
809:
806:
805:
803:
799:
796:
794:
790:
783:
780:
777:
774:
771:
768:
767:
765:
761:
757:
751:
748:
746:
743:
741:
738:
737:
735:
731:
725:
722:
721:
719:
715:
709:
706:
704:
701:
699:
696:
694:
691:
689:
686:
684:
681:
679:
676:
674:
671:
669:
666:
664:
661:
659:
656:
654:
651:
648:
645:
643:
640:
638:
635:
633:
630:
628:
625:
624:
622:
620:
616:
610:
607:
605:
604:World of Hell
602:
600:
597:
595:
592:
590:
587:
585:
582:
580:
577:
575:
572:
570:
567:
565:
562:
558:
555:
554:
553:
550:
548:
545:
544:
542:
540:
536:
525:
522:
519:
516:
514:
511:
510:
508:
504:
498:
495:
493:
490:
488:
485:
483:
480:
479:
477:
473:
467:
464:
462:
459:
458:
456:
452:
446:
443:
442:
440:
436:
430:
427:
424:
421:
420:
418:
414:
411:
407:
399: →
398:
395:
393:
390:
388:
385:←
384:
383:
378:
369:
364:
362:
357:
355:
350:
349:
346:
327:
326:"W32/Gruel-D"
321:
318:
305:
301:
295:
292:
279:
275:
269:
266:
253:
249:
243:
240:
235:
231:
225:
222:
215:
211:
208:
207:
203:
201:
198:
190:
187:
182:
179:
177:
176:Control Panel
173:
169:
164:
160:
156:
148:
143:
141:
139:
135:
131:
127:
123:
119:
115:
111:
107:
103:
99:
91:102,400 bytes
90:
86:
83:
79:
75:
71:
68:
64:
59:
56:Computer worm
55:
51:
47:
43:
39:
34:
30:
25:
20:
958:Sony rootkit
890:
724:Bluehell IRC
693:Dan Kaminsky
688:Sven Jaschan
330:. Retrieved
320:
308:. Retrieved
303:
294:
282:. Retrieved
277:
268:
256:. Retrieved
252:the original
242:
233:
224:
194:
184:
180:
174:, open many
172:CD/DVD drive
170:, eject the
152:
138:file sharing
126:Windows 2000
105:
97:
96:
78:Windows 2000
876:SQL Slammer
698:Samy Kamkar
619:Individuals
584:Level Seven
547:Ac1db1tch3z
526:(2008–2010)
425:(2003–2006)
332:16 December
310:10 December
284:10 December
258:10 December
763:discovered
750:darksun.ws
745:unkn0wn.eu
653:Lil Hacker
599:ShadowCrew
524:WebcamGate
423:Titan Rain
216:References
140:networks.
130:Windows XP
122:Windows ME
118:Windows 9x
82:Windows XP
74:Windows ME
70:Windows 9x
1057:Conficker
1036:Agent.btz
564:Avalanche
552:Anonymous
409:Incidents
197:Hard boot
155:Microsoft
1086:Category
1062:Koobface
1041:Mariposa
989:Stration
984:Clickbot
948:PGPCoder
896:Graybird
834:Code Red
808:ILOVEYOU
782:sslstrip
740:ryan1918
717:Darknets
708:Stakkato
646:Digerati
642:Dshocker
609:Sandworm
579:GhostNet
392:Timeline
328:. Sophos
204:See also
159:Symantec
144:Symptoms
108:, was a
102:F-Secure
66:Platform
1067:Waledac
974:Rustock
901:Blaster
881:Welchia
813:Pikachu
793:Malware
663:camZero
1031:Asprox
932:Mydoom
927:Sasser
922:NetSky
860:Simile
784:(2009)
778:(2008)
772:(2002)
678:diabl0
673:Cyxymu
668:Coolio
637:SilenZ
539:Groups
106:Fakerr
48:Fakerr
1005:Storm
917:Bagle
891:Gruel
886:Sobig
839:Nimda
627:AKill
574:0x1fe
397:2010s
387:1990s
134:email
98:Gruel
45:Alias
22:Gruel
1050:2009
1024:2008
1010:ZeuS
998:2007
979:ZLOB
967:2006
953:Samy
941:2005
910:2004
869:2003
853:2002
844:Klez
822:2001
801:2000
658:BadB
569:GNAA
506:2009
475:2008
454:2007
438:2005
416:2004
334:2013
312:2013
286:2013
260:2013
136:and
128:and
110:worm
88:Size
80:and
53:Type
594:RBN
157:or
104:as
1088::
302:.
276:.
232:.
124:,
120:,
76:,
72:,
367:e
360:t
353:v
336:.
314:.
288:.
262:.
236:.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.