Threat Description

Gogga

Details

Aliases: Gogga, Trojan.PSW.Goga, Goga
Category: Malware
Type:
Platform: W32

Summary


Goga is a trojan that is executed from a malicious Rich Text Formatted (.rtf) document. Due a security vulnerability, macros are able to execute from a template pointed by a RTF file without notification to the user in Microsoft Word.



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

Detailed instructions for F-Secure security products are available in the documentation found in the Downloads section of our Home - Global site.

You may also refer to the Knowledge Base on the F-Secure Community site for further assistance.



Technical Details


The macro in the template drops and executes an utility that collects dial-up settings from Windows. This includes the user name and the password. This information is then sent to another web site.

The template is no longer available on the web.

Further information and a fix for the vulnerability is available from Microsoft: https://www.microsoft.com/technet/security/bulletin/MS01-028.asp



Detection


F-Secure Anti-Virus detects this trojan with updates published at June 15th, 2001.



Technical Details:Katrin Tocheva, Gergely Erdelyi and Sami Rautiainen, F-Secure; June 2001


SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More