JS.Gigger.A@mm arrives as an e-mail message with a subject line reading: "Outlook Express Update" and an attachment of Mmsn_offline.htm, according to an alert on Symantec's Web site. When executed, Gigger sets the Autoexec.bat file to reformat the hard drive when the computer is restarted.
The worm can spread through Outlook and Outlook Express and MAPI, according to Trend Micro. It requires WSCRIPT.EXE and/or CSCRIPT.EXE be on the infected machine in order to work properly.
If an infected machine isn't restarted, then removing the virus is a matter of fixing the changes to the registry and fixing the Autoexec.bat file, said Graham Cluley, senior technology consultant with Sophos. But if the machine was restarted, then Windows will need to be installed again and the files need to be recreated from backups.
Such a worm sounds pretty nasty but in fact such aggressive behavior is analogous to jumping up and down yelling "look at me," Cluley said. The more insidious viruses are those that make minor changes and continue over time undetected.
Gigger was quickly found and antivirus companies made appropriate updates to their software. Sophos received only one report of Gigger in the wild. "It's not a significant threat," Cluley said. "Gigger does have an unpleasant payload but it could be much worse."