W32.Shelp

Risk Level 2: Low

Printer Friendly Page

Discovered: May 17, 2005

Updated: February 13, 2007 12:39:01 PM

Also Known As: Bloodhound.Exploit.8, Win32.Shelp.A [Computer Associ, Net-Worm.Win32.Shelp.a [Kasper, Exploit-MS04-011.gen [McAfee], WORM_SHELP.A [Trend Micro]

Type: Worm

Systems Affected: Windows 2000, Windows Server 2003, Windows XP

W32.Shelp is a worm that propagates by exploiting the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (as described in Microsoft Security Bulletin MS04-011).

Note: Virus definitions dated prior to May 18, 2005 detect this risk as Bloodhound.Exploit.8.

Protection

Initial Rapid Release version May 18, 2005
Latest Rapid Release version April 6, 2009 revision 019
Initial Daily Certified version May 18, 2005
Latest Daily Certified version April 15, 2009 revision 048
Initial Weekly Certified release date May 18, 2005

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

Wild Level: Low
Number of Infections: 0 - 49
Number of Sites: 0 - 2
Geographical Distribution: Low
Threat Containment: Easy
Removal: Moderate

Damage

Damage Level: Medium

Distribution

Distribution Level: Medium

Writeup By: Rodney Andres

Technical Details

Search Threats

Search by name

_{Example: W32.Beagle.AG@mm}