Technorati
Digg
Delicious
Reddit
StumbleUpon
Facebook
Yahoo
Twitter
Faves
Newsvine
- Discovered:
- June 4, 2003
- Updated:
- February 13, 2007 12:02:01 PM
- Also Known As:
- W32.HLLW.Xolox@mm
- Type:
- Worm
- Systems Affected:
- Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
W32.HLLW.Lavits is a worm that attempts to spread across the KaZaA file-sharing network. This worm also uses Microsoft Outlook to send email to all the contacts in the Microsoft Outlook Address Book. When W32.HLLW.Lavits is run, it will display a fake message with the message title "Application Error."
The email does not have an attachment. The email messages have the following characteristics:
Subject: Where are you?
Message Body:
Hi!
Where are you?,I enjoy speaking with you :)
Simdi icinden buda kim diyorsundur :)
W32.HLLW.Lavits is written in Visual Basic (VB) and is packed with UPX.
NOTE: Definitions dated prior to June 6, 2003 may detect this threat as W32.HLLW.Xolox@mm.
Security Response could not successfully reproduce the mass-mailing routine in a controlled laboratory environment. The worm did not attach itself to any outgoing emails.
Antivirus Protection Dates
- Initial Rapid Release version June 5, 2003
- Latest Rapid Release version September 28, 2010 revision 054
- Initial Daily Certified version June 5, 2003
- Latest Daily Certified version September 28, 2010 revision 036
- Initial Weekly Certified release date June 5, 2003
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Threat Assessment
Wild
- Wild Level: Low
- Number of Infections: 0 - 49
- Number of Sites: 0 - 2
- Geographical Distribution: Low
- Threat Containment: Easy
- Removal: Moderate
Damage
- Damage Level: Low
Distribution
- Distribution Level: Medium
Writeup By: Scott Gettis
