Technorati
Digg
Delicious
Reddit
StumbleUpon
Facebook
Yahoo
Twitter
Faves
Newsvine
- Discovered:
- December 13, 2001
- Updated:
- February 13, 2007 11:37:55 AM
- Also Known As:
- W32/GOP@MM [McAfee], W32/Gop-A [Sophos], W32/Gop-C [Sophos], Troj/Gop [Sophos], WORM_GOP.A [Trend], WORM_GOP.B [Trend], WORM_GOP.E [Trend], Win32.PSW.Gop.196.2 [CA], Win32.PSW.Gop.196.3 [CA], I-Worm.GOPworm.153 [KAV], I-Worm.GOPworm.153.b [KAV], I-Worm.GOPworm.1963 [KAV], I-Worm.GOPworm.196 [KAV], Trojan.PSW.GOPtrojan.196 [KAV]
- Type:
- Worm
- Systems Affected:
- Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
- CVE References:
- CVE-2001-0154
W32.HLLW.GOP@mm is a mass-mailing worm that copies itself to the hard drive as C:\Windows\System\Kernelsys32.exe. It also searches the network drives and copies itself to \Recycled\Notdelw.i.n.v.e.r.y.i.f.y.exe on any mapped drive on which it can find an operating system. Then, W32.HLLW.GOP@mm sets that particular file to run at startup by modifying the Win.ini file.
Antivirus Protection Dates
- Initial Rapid Release version December 15, 2001
- Latest Rapid Release version July 31, 2011 revision 017
- Initial Daily Certified version December 15, 2001
- Latest Daily Certified version August 1, 2011 revision 005
- Initial Weekly Certified release date December 19, 2001
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Threat Assessment
Wild
- Wild Level: Medium
- Number of Infections: 50 - 999
- Number of Sites: 3 - 9
- Geographical Distribution: Medium
- Threat Containment: Moderate
- Removal: Moderate
Damage
- Damage Level: Low
Distribution
- Distribution Level: High
Writeup By: Douglas Knowles
