W32.HLLW.Cydog@mm

W32.HLLW.Cydog@mm is a mass-mailing worm that spreads by email. This worm uses Microsoft Outlook to send itself to the contacts in the Outlook Address Book:

• The email will have a random subject chosen from a predetermined selection.
• The attachment will have a random file name chosen from a predetermined selection, with a file extension of .exe or .scr.

W32.HLLW.Cydog@mm also attempts to spread using the KaZaA, eDonkey2000, Bearshare, Grokster, and Morpheus file-sharing networks. The worm attempts to terminate the active processes of various antivirus programs and system utilities.

W32.HLLW.Cydog@mm also attempts to delete:

• Program files that Norton AntiVirus products use
• Files shared by various Symantec programs, including the virus definition files

W32.HLLW.Cydog@mm is a Visual Basic application that is packed with UPX 1.24.

Protection

• Initial Rapid Release version February 26, 2003
• Latest Rapid Release version July 12, 2008 revision 018
• Initial Daily Certified version February 26, 2003
• Latest Daily Certified version July 12, 2008 revision 019
• Initial Weekly Certified release date February 26, 2003

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

• Wild Level: Low
• Number of Infections: 0 - 49
• Number of Sites: 0 - 2
• Geographical Distribution: Low
• Threat Containment: Easy
• Removal: Moderate

Damage

• Damage Level: High

Distribution

• Distribution Level: High