W32.HLLW.Maax.B@mm

Risk Level 2: Low

Discovered: May 14, 2003
Updated: February 13, 2007 12:01:19 PM
Type: Worm
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP


W32.HLLW.Maax.B@mm is a mass-mailing worm that uses a current MAPI program (for example, Microsoft Outlook) to send itself to all the contacts in that program's Address Book. When the worm is run, it displays a message with the title, "Axam Spitmaxa Worm II." Refer to the Technical Details section for more information.

The worm also attempts to spread itself through KaZaA, KaZaA Lite, Morpheus, Grokster, BearShare, Edonkey2000, and Limewire file-sharing networks.

The email that the worm sends has the following characteristics:

Subject: The subject line is one of the following:

  • WHEN US GOVERMENT TO STOP THE INVADED IN IRAQ?!
  • News: US vs Iraq Issue
  • Strike on Iraq
  • Hi! ;)
  • Good Idea For ya!
  • DAA Holding have an Idea for Bussiness man
  • Great Job for Professional Programmer
  • Trade and Care about customer!
  • Don't missed Logon to DAABussiness.com
  • Are you a Bussiness man?
  • How to make a money in one day?
  • Care to trade world map?
  • How to prevent from Pirate CD!
  • Job for you!
  • Do you have an enough salaries for you job?
  • Don't waste your money!
  • HAVE A NICE DAY!
  • Why US invade on Iraq?
  • No More Blood!
  • HOW TO PREVENT YOUR EMAIL FROM VIRUSES?

Message:
Dear Mr/Mrs/Sir/Mdm,
Are you tired to get the customer. It is important to know how to make your bussiness more efficient.
To get a tips and more advise. You can download it from the attachment or just click here <link to executable file on web>
to download from our FTP site.
Regard,
Yamamoto Hashimura,
Software Engineer of DAA Holding

Attachment: Tca.exe
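
The email traits listed above can be checked at a mail gateway or against an archived mailbox. The following is an added example, not Symantec's detection logic: the function name `maax_b_traits`, the use of the message's closing signature line as the body marker, and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy

# Subject lines exactly as listed in the writeup (spelling is the worm's own).
SUBJECTS = {s.casefold() for s in (
    "WHEN US GOVERMENT TO STOP THE INVADED IN IRAQ?!", "News: US vs Iraq Issue",
    "Strike on Iraq", "Hi! ;)", "Good Idea For ya!",
    "DAA Holding have an Idea for Bussiness man",
    "Great Job for Professional Programmer", "Trade and Care about customer!",
    "Don't missed Logon to DAABussiness.com", "Are you a Bussiness man?",
    "How to make a money in one day?", "Care to trade world map?",
    "How to prevent from Pirate CD!", "Job for you!",
    "Do you have an enough salaries for you job?", "Don't waste your money!",
    "HAVE A NICE DAY!", "Why US invade on Iraq?", "No More Blood!",
    "HOW TO PREVENT YOUR EMAIL FROM VIRUSES?",
)}
ATTACHMENT = "tca.exe"                          # attachment name from the writeup
SIGNATURE = "software engineer of daa holding"  # last line of the listed body

def maax_b_traits(raw: bytes) -> list:
    """Return which of the writeup's email traits a raw message shows."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    # policy.default decodes RFC 2047 encoded-words, so encoded subjects match.
    subject = " ".join(str(msg["Subject"] or "").split()).casefold()
    if subject in SUBJECTS:
        hits.append("subject")
    for part in msg.walk():  # walk() also reaches nested multipart containers
        name = (part.get_filename() or "").strip().casefold()
        if name == ATTACHMENT:
            hits.append("attachment")
        elif part.get_content_type() == "text/plain":
            if SIGNATURE in " ".join(part.get_content().split()).casefold():
                hits.append("body")
    return sorted(set(hits))

# Constructed sample message (inert: the "attachment" is four zero bytes).
SAMPLE = (b"From: a@example.com\r\nTo: b@example.com\r\n"
          b"Subject: =?utf-8?q?Job_for_you!?=\r\nMIME-Version: 1.0\r\n"
          b'Content-Type: multipart/mixed; boundary="x"\r\n\r\n'
          b"--x\r\nContent-Type: text/plain\r\n\r\n"
          b"Regard,\r\nYamamoto Hashimura,\r\nSoftware Engineer of DAA Holding\r\n"
          b"--x\r\nContent-Type: application/octet-stream\r\n"
          b'Content-Disposition: attachment; filename="TCA.EXE"\r\n'
          b"Content-Transfer-Encoding: base64\r\n\r\nAAAAAA==\r\n--x--\r\n")
```

Several of the listed subjects ("Hi! ;)", "Job for you!") are common in legitimate mail, so a subject hit alone is weak evidence; treat the attachment name combined with a subject or body hit as the meaningful signal.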

W32.HLLW.Maax.B@mm attempts to terminate the processes of antivirus and security-related programs.

This threat is written in the Microsoft Visual Basic (VB) programming language and is compressed with UPX.

Protection

  • Initial Rapid Release version May 14, 2003
  • Latest Rapid Release version July 12, 2008 revision 018
  • Initial Daily Certified version May 14, 2003
  • Latest Daily Certified version July 12, 2008 revision 019
  • Initial Weekly Certified release date May 14, 2003

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Moderate

Damage

  • Damage Level: Low

Distribution

  • Distribution Level: Low

Writeup By: Yana Liu