- December 4, 2002
- February 13, 2007 11:48:34 AM
Also Known As:
- W32.Holar.C@mm, W32/Holar.c@MM [McAfee], W32/Lagel.A [Panda], Win32.Holar.C [CA], WORM_HOLAR.C [Trend], I-Worm.Galil [KAV]
W32.Galil@mm is a mass-mailing worm. After sleeping about 15 minutes, it may overwrite all files in all folders on all writeable drives with 215 bytes of text. It deletes all files on drives D, E, F, and G. It is written in the Microsoft Visual Basic (VB) programming language and compressed with UPX. The size is 80,626 bytes after it is unpacked.
The worm uses its own SMTP engine or Microsoft Outlook to send itself to all addresses that it finds in files on the infected computer. Multiple copies of the worm can be attached to the outgoing email message. The message has the following characteristics:
Subject: Fwd: Crazy illegal sex !
Note: forwarded message attached.
The message is disguised as having been forwarded from a Yahoo account. Following the fake Yahoo forwarded headers, the message continues with the following text:
Is it really illegal in da USA?
who knows :P
if u have a weak heart i warn u
DON'T see dis Clip.
Emagine two young children havin
crazy sex fo da first time togetha !
loooool i'm still wonderin where thier
Good ?uck , oh sorry:">
i mean Good Luck :)
NOTE: Definitions dated prior to December 6, 2002, may detect this threat as W32.Holar.C@mm.
Antivirus Protection Dates
Initial Rapid Release version December 5, 2002
Latest Rapid Release version September 28, 2010 revision 054
Initial Daily Certified version December 5, 2002
Latest Daily Certified version September 28, 2010 revision 036
Initial Weekly Certified release date December 6, 2002
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Yana Liu