W32.HLLW.Lavits

W32.HLLW.Lavits is a worm that attempts to spread across the KaZaA file-sharing network. This worm also uses Microsoft Outlook to send email to all the contacts in the Microsoft Outlook Address Book. When W32.HLLW.Lavits is run, it will display a fake message with the message title "Application Error."

The email does not have an attachment. The email messages have the following characteristics:

Subject: Where are you?
Message Body:
Hi!
Where are you?,I enjoy speaking with you :)
Simdi icinden buda kim diyorsundur :)

W32.HLLW.Lavits is written in Visual Basic (VB) and is packed with UPX.

NOTE: Definitions dated prior to June 6, 2003 may detect this threat as W32.HLLW.Xolox@mm.





Security Response could not successfully reproduce the mass-mailing routine in a controlled laboratory environment. The worm did not attach itself to any outgoing emails.

Protection

• Initial Rapid Release version June 5, 2003
• Latest Rapid Release version July 12, 2008 revision 018
• Initial Daily Certified version June 5, 2003
• Latest Daily Certified version July 12, 2008 revision 019
• Initial Weekly Certified release date June 5, 2003

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

• Wild Level: Low
• Number of Infections: 0 - 49
• Number of Sites: 0 - 2
• Geographical Distribution: Low
• Threat Containment: Easy
• Removal: Moderate

Damage

• Damage Level: Low

Distribution

• Distribution Level: Medium