Dec 28

W32.HLLW.Gaobot.CA

By admin
Add comments
Virus
 
6 views

Name W32.HLLW.Gaobot.CA
Type
Affected Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Risk Level 1: Very Low
Discovered November 4, 2003
Update February 13, 2007 12:13:18 PM
Length
Info

W32.HLLW.Gaobot.CA is a minor variant of W32.HLLW.Gaobot.AO. It attempts to spread to network shares that have weak passwords and allows hackers to access an infected computer through an IRC channel.

The uses multiple vulnerabilities to spread, including:

  • The DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135
  • The RPC locator vulnerability (described in Microsoft Security Bulletin MS03-001) using TCP port 445
  • The WebDav vulnerability (described in Microsoft Security Bulletin MS03-007) using TCP port 80

W32.HLLW.Gaobot.CA is compressed with UPX.
Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 – 49
  • Number of Sites: 3 – 9
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Moderate

Damage

  • Damage Level: Medium

Distribution

  • Distribution Level: Medium
Writeup By: John Canavan
Details >W32.HLLW.Gaobot.CA
convert this post to pdf. Tags: ,

Related Virus

"Free Scan W32.HLLW.Gaobot.CA

Print This Virus article Print This Virus article

This entry was posted on Friday, December 28th, 2007 at 3:05 pm and is filed under Virus. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Comment

You must be logged in to post a comment.