Technorati
Digg
Delicious
Reddit
StumbleUpon
Facebook
Yahoo
Twitter
Faves
Newsvine
- Discovered:
- October 17, 2002
- Updated:
- February 13, 2007 11:40:52 AM
- Type:
- Worm
- Systems Affected:
- Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
W32.HLLW.Cozit is a worm that spreads using the KaZaA peer-to-peer network. It is written in Borland C++ and packed by the UPX runtime packer. It copies itself to the Windows folder as Svchost.exe and changes the registry to run this file whenever you start Windows. When the worm is executed, it copies itself to the KaZaA download folder using a file name chosen at random from a list that the worm carries. On December 1, the worm will display a message in the title bar of the foreground window.
Antivirus Protection Dates
- Initial Rapid Release version October 18, 2002
- Latest Rapid Release version October 18, 2002
- Initial Daily Certified version October 18, 2002
- Latest Daily Certified version October 18, 2002
- Initial Weekly Certified release date October 23, 2002
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Threat Assessment
Wild
- Wild Level: Low
- Number of Infections: 0 - 49
- Number of Sites: 0 - 2
- Geographical Distribution: Low
- Threat Containment: Easy
- Removal: Easy
Damage
- Damage Level: Low
Distribution
- Distribution Level: Medium
Writeup By: Peter Ferrie
