Named W32/Gnuman.worm, or by the alias Mandragore, the malicious file poses as an ordinary, requested media file. This masked file, however, is actually an EXE file that infects a user's computer once the program is run, according to statements from a variety of anti-virus software vendors.
After it infects a computer, the virus cloaks itself for other Gnutella users, leading them also to believe that it is actually an MP3 music file or an image file. Every time a Gnutella user searches for media files in the infected computer, the virus will always appear as an answer to the request. If, for example, a user looked for songs containing the word "happy," the infected computer would return "happy.exe" as a response to the query, vendors said. Officials at McAfee -- a division of security specialist Network Associates -- discovered the virus Monday but have yet to identify its origin. McAfee said it is a low-risk threat at this point due to the fact that only users running Gnutella-compatible software will be affected. Computer Associates, Sophos and Kaspersky Labs all issued information on the virus Tuesday.
The virus does little damage other than taking up extra system resources. Confidential information and crucial files should not be affected, vendors said.