Technorati
Digg
Delicious
Reddit
StumbleUpon
Facebook
Yahoo
Twitter
Faves
Newsvine
- Discovered:
- August 22, 2002
- Updated:
- February 13, 2007 11:40:05 AM
- Also Known As:
- W32/Duload.worm [McAfee], W32/Duload-A [Sophos], WORM_DULOAD.A [Trend]
- Type:
- Worm
- Systems Affected:
- Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
W32.HLLW.Yoof is a worm that spreads by using the KaZaA file-sharing program. It tricks KaZaA users into downloading and executing the worm.
When W32.HLLW.Yoof runs, the worm copies itself as %system%\SystemConfig.exe and creates the %system%\Media shared folder. It then copies itself to this folder using numerous file names, some of which are:
- Email Bomber.exe
- FileServer.exe
- Kazaa Clone.exe
- Napster Clone.exe
- Winmx.exe
- Website Hacker.exe
- Hotmail Hacker.exe
- Windows Hacker.exe
Antivirus Protection Dates
- Initial Rapid Release version August 22, 2002
- Latest Rapid Release version September 28, 2010 revision 054
- Initial Daily Certified version August 22, 2002
- Latest Daily Certified version September 28, 2010 revision 036
- Initial Weekly Certified release date August 22, 2002
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Threat Assessment
Wild
- Wild Level: Low
- Number of Infections: 0 - 49
- Number of Sites: 0 - 2
- Geographical Distribution: Low
- Threat Containment: Easy
- Removal: Easy
Damage
- Damage Level: Low
Distribution
- Distribution Level: Medium
Writeup By: Douglas Knowles
