W32.HLLW.Cult.C@mm

W32.HLLW.Cult.C@mm is an email worm that has backdoor capabilities. It uses its own SMTP engine to send itself to randomly generated recipient names at these domains:

• email.com
• earthlink.net
• roadrunner.com
• yahoo.com
• msn.com
• hotmail.com

The email message has the following characteristics:

Subject: Hi, I sent you an eCard from BlueMountain.com
Message:
Hi , I sent you an eCard from Blue-Mountain.com To view your eCard, open the attachment
If you have any comments or questions, please visit http:/ /www.bluemountain.com/customer/index.pd
Thanks for using BlueMountain.com.
Attachment: BlueMountaineCard.pif

This threat is compressed with ASPack.

Protection

• Initial Rapid Release version April 2, 2003
• Latest Rapid Release version July 19, 2008 revision 019
• Initial Daily Certified version April 2, 2003
• Latest Daily Certified version January 20, 2009 revision 048
• Initial Weekly Certified release date April 2, 2003

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

• Wild Level: Low
• Number of Infections: 50 - 999
• Number of Sites: More than 10
• Geographical Distribution: Low
• Threat Containment: Easy
• Removal: Moderate

Damage

• Damage Level: Medium

Distribution

• Distribution Level: High