Technorati
Digg
Delicious
Reddit
StumbleUpon
Facebook
Yahoo
Twitter
Faves
Newsvine
- Discovered:
- November 6, 2002
- Updated:
- February 13, 2007 11:58:56 AM
- Also Known As:
- I-Worm.Roron.12 [AVP]
- Type:
- Worm
- Systems Affected:
- Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
W32.HLLW.Oror@mm is a mass-mailing worm that sends itself to all email addresses that it finds in incoming messages. The worm also spreads by using mIRC, network shares, and mapped drives. It attempts to close windows and delete files of various antivirus and firewall programs. Generally, the email message is constructed mainly from randomly selected combinations of strings. However, some email messages are not constructed randomly; these email messages will be one of the following:
Subject: Blondinkii
Attachment: Blondies.exe
Subject: <Infected computer's current user name> sent you a Yahoo! Greeting_
Attachment: Yahoo!Tomcats.exe
Subject: Microsoft Bulgaria_
Attachment: IE_0274_bg.exe
Subject: Vajno_
Attachment: IE50_032_Setup.exe
Subject: WinAmp Team_
Attachment: Iguana1.0_skin.exe
Subject: Virus Alert_
Attachment: IE_0276_Setup.exe
Subject: Yahoo! Toolbar_
Attachment: Yahoo!Toolbar.exe
Antivirus Protection Dates
- Initial Rapid Release version November 6, 2002
- Latest Rapid Release version September 28, 2010 revision 054
- Initial Daily Certified version November 6, 2002
- Latest Daily Certified version September 28, 2010 revision 036
- Initial Weekly Certified release date November 6, 2002
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Threat Assessment
Wild
- Wild Level: Low
- Number of Infections: 0 - 49
- Number of Sites: 0 - 2
- Geographical Distribution: Low
- Threat Containment: Easy
- Removal: Moderate
Damage
- Damage Level: Medium
Distribution
- Distribution Level: High
Writeup By: Douglas Knowles
