1. Symantec/
  2. Security Response/
  3. W32.Hobble.C@mm

W32.Hobble.C@mm

Risk Level 2: Low

Discovered:
October 9, 2002
Updated:
February 13, 2007 11:51:27 AM
Also Known As:
I-Worm.Alcaul.ab [AVP], I-Worm.generic [AVP], W32/Hobbit.b@MM [McAfee], W32/Hobbit.c@MM [McAfee], WORM_HOBBIT.B [Trend]
Type:
Worm
Systems Affected:
Windows

W32.Hobble.C@mm is a worm that attempts to spread across the KaZaA file-sharing network. It has mass-mailing capabilities. It can send itself to email addresses that it retrieves from .htm and .html files that it finds in the Internet Explorer cache, and to all addresses in the Microsoft Outlook Address Book. The email messages have the following characteristics:
  • Message 1
    This is sent to all addresses in the Microsoft Outlook Address Book.
    Subject: Fwd: Scan your computer for this new virus threat...
    Attachment: Anti-Bug.exe
  • Message 2
    This is sent to all addresses that it retrieves from .htm and .html files.
    Subject: AntiVirus Updates:
    Attachment 1: One of many with the .scr, .exe, .bat, or .pif file extension.
    Attachment 2: One of many with the .theme, .zip, or .bat file extension.





NOTE: Virus definitions prior to October 10, 2002, detect this threat as W32.Hobble@mm.

Antivirus Protection Dates

  • Initial Rapid Release version October 10, 2002
  • Latest Rapid Release version September 28, 2010 revision 054
  • Initial Daily Certified version October 10, 2002
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date October 16, 2002
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Douglas Knowles

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube