"Goga" (W97M.Gogaru.A)Trojan steals passwords! (6/14/2001)
This question was answered on June 15, 2001. Much of the information contained herein may have changed since posting.
The Goga is a macro-based virus which is designed to install a password stealing Trojan-horse program on to the victim's system, from the previously safe .RTF document format.
The macro was originally found on a Russian website, and was intentionally placed there by the author The macro contains instructions to create and execute two files from the root of the C drive, S.BAT and S.EXE.
Once executed, the worm steals and sends out (from the infected computer) user details for Internet access (i.e login, password and other information) to a centralized data collection point on the Internet.
As always, you should refrain from opening any attached file to an e-mail message if at all possible If you need to view the contents of an attached file, always save it to your Desktop, then run your (up-to-date) virus scan on the actual file before opening it.
Hackers are going to continue to exploit file formats that were considered safe in the past, so get in the habit of virus scanning everything that you download from e-mail before opening it.
About the author
Posted by Ken Colburn of Data Doctors on June 15, 2001