W32.HLLW.Fankr@mm

W32.HLLW.Fankr@mm is a mass-mailing worm that attempts to email itself to all the contacts in the Windows Address Book. The email has the following characteristics:

Subject: One of the following:

• [Ahnlab]Warning:Win32/Opasoft.Worm.17408.J
• [Hauri]Warning:Trojan.Win32.Opaserv.H
• [Symantec]Waring:W32.Yaha.Worm.G
• [McAfee]Warning:W32.Cunario.Worm.G
• [TrendMicro]WariningTroj.Amand.J
• [Microsoft]KB:Q328374How to dectect the mIRC Trojan
• [KISA-CERT/CC][Technical Document]How to analysis hacking Windows NT/2000
• [KasperskyLabs][Released]Virus Scaning Tool(FREE)

Attachment: One of the following:

• Setup.EXE
• Install.exe
• TrojanRemover.exe
• antiopaserv.exe
• VirusFixtool.exe
• FileRecorvery.exe

Message Body:
Hello: & This days, Much malicious code is spreaded through Internet, e-mail, P2P programs, ETC. & This file is useful virus fix tool. & Please save it to disk and excute this file.

W32.HLLW.Fankr@mm is written in the Microsoft Visual Basic (VB) programming language and is compressed with UPX. The VB run-time libraries are required to execute W32.HLLW.Fankr@mm.

NOTE: Due to bugs in the code, the worm does not properly work.

Protection

• Initial Rapid Release version June 13, 2003
• Latest Rapid Release version July 19, 2008 revision 019
• Initial Daily Certified version June 13, 2003
• Latest Daily Certified version January 20, 2009 revision 048
• Initial Weekly Certified release date June 18, 2003

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.