1. /
  2. Security Response/
  3. W32.Feebs


Risk Level 2: Low

January 7, 2006
May 17, 2007 10:00:37 PM
Infection Length:
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
W32.Feebs is a detection for a family of mass-mailing worm that also spreads through file-sharing networks and lowers security settings on the compromised computer. The worm may also send confidential information to a remote attacker via FTP.

The worm variant arrives as an email attachment with an .HTA extension. Once the .HTA file is viewed, a malicious JavaScript then drops or downloads a copy of the worm executable.

Antivirus Protection Dates

  • Initial Rapid Release version January 8, 2006
  • Latest Rapid Release version August 7, 2010 revision 032
  • Initial Daily Certified version January 8, 2006
  • Latest Daily Certified version August 8, 2010 revision 003
  • Initial Weekly Certified release date January 11, 2006
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment


  • Wild Level: Medium
  • Number of Infections: 50 - 999
  • Number of Sites: 10+
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Moderate


  • Damage Level: Medium
  • Payload: May send a copy of itself to addresses gathered from the compromised computer.
  • Compromises Security Settings: May lower security settings by stopping security-related services.


  • Distribution Level: High
  • Subject of Email: Varies
  • Name of Attachment: Varies
  • Ports: TCP 80
Writeup By: Kaoru Hayashi

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver