W32.Hobble.C@mm is a worm that attempts to spread across the KaZaA file-sharing network. It has mass-mailing capabilities. It can send itself to email addresses that it retrieves from .htm and .html files that it finds in the Internet Explorer cache, and to all addresses in the Microsoft Outlook Address Book. The email messages have the following characteristics:
- Message 1
This is sent to all addresses in the Microsoft Outlook Address Book.
Subject: Fwd: Scan your computer for this new virus threat...
- Message 2
This is sent to all addresses that it retrieves from .htm and .html files.
Subject: AntiVirus Updates:
Attachment 1: One of many with the .scr, .exe, .bat, or .pif file extension.
Attachment 2: One of many with the .theme, .zip, or .bat file extension.
Virus definitions prior to October 10, 2002, detect this threat as W32.Hobble@mm.
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.