W32.HLLW.Backzat.G

W32.HLLW.Backzat.G is a mass-mailing worm that uses Microsoft Outlook to send itself to all the contacts in the Microsoft Outlook Address Book. It also attempts to spread itself through the Grokster, eDonkey2000, BearShare, Morpheus, and KaZaA file-sharing networks. This worm may distribute itself across the mapped drives and through AIM95, mIRC, and ICQ.

W32.HLLW.Backzat.G deletes the security software from your computer.

The email it sends has the following characteristics:

Subject: Fw: Hello there.
Message: Hey, I just recieved a screen saver in the mail and it is really cute. Take a loot.
Attachment: CuteKirby.Scr

This threat is written in the Microsoft C++ programming language and is compressed with UPX.

Protection

• Initial Rapid Release version January 22, 2003
• Latest Rapid Release version August 20, 2008 revision 017
• Initial Daily Certified version January 22, 2003
• Latest Daily Certified version January 20, 2009 revision 048
• Initial Weekly Certified release date January 22, 2003

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

• Wild Level: Low
• Number of Infections: 0 - 49
• Number of Sites: 0 - 2
• Geographical Distribution: Low
• Threat Containment: Easy
• Removal: Easy

Damage

• Damage Level: Medium

Distribution

• Distribution Level: Low