W32.Galil@mm


Risk Level 2: Low

December 4, 2002
February 13, 2007 11:48:34 AM
Also Known As:
W32.Holar.C@mm, W32/Holar.c@MM [McAfee], W32/Lagel.A [Panda], Win32.Holar.C [CA], WORM_HOLAR.C [Trend], I-Worm.Galil [KAV]
Systems Affected:

W32.Galil@mm is a mass-mailing worm. After sleeping for about 15 minutes, it may overwrite all files in all folders on all writeable drives with 215 bytes of text. It deletes all files on drives D, E, F, and G. It is written in the Microsoft Visual Basic (VB) programming language and compressed with UPX. Its size after unpacking is 80,626 bytes.
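For damage triage after the overwrite payload described above, the following added example (not part of the Symantec writeup) walks a directory tree and reports groups of byte-identical 215-byte files that span several file extensions. It assumes every overwritten file receives the same text, which the writeup does not reproduce; the function names and the filler bytes in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile

PAYLOAD_SIZE = 215  # size, per the writeup, of the text that replaces each file

def find_candidates(root):
    """Return (path, sha256) for each regular file under root that is exactly 215 bytes."""
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                if os.path.islink(path) or os.path.getsize(path) != PAYLOAD_SIZE:
                    continue
                with open(path, "rb") as fh:
                    hits.append((path, hashlib.sha256(fh.read()).hexdigest()))
            except OSError:
                continue  # unreadable or removed while scanning
    return hits

def clusters(hits, min_files=3):
    """Group candidates by digest; keep groups that span more than one file extension."""
    groups = {}
    for path, digest in hits:
        groups.setdefault(digest, []).append(path)
    out = []
    for digest, paths in groups.items():
        exts = sorted({os.path.splitext(p)[1].lower() for p in paths})
        if len(paths) >= min_files and len(exts) > 1:
            out.append({"sha256": digest, "count": len(paths), "extensions": exts})
    return sorted(out, key=lambda c: c["count"], reverse=True)

def demo():
    """Scan a constructed tree: three 'overwritten' files, one intact, one unrelated 215-byte file."""
    filler = b"A" * PAYLOAD_SIZE  # constructed stand-in, NOT the worm's real text
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "docs"))
        samples = {"docs/report.doc": filler, "photo.jpg": filler, "notes.txt": filler,
                   "intact.txt": b"still fine\n", "other.bin": b"B" * PAYLOAD_SIZE}
        for rel, data in samples.items():
            with open(os.path.join(root, *rel.split("/")), "wb") as fh:
                fh.write(data)
        return clusters(find_candidates(root))

if __name__ == "__main__":
    for cluster in demo():
        print(cluster)
```

A single 215-byte file is not evidence on its own; the signal is many files of different types collapsing to one size and one digest.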

The worm uses its own SMTP engine or Microsoft Outlook to send itself to all addresses that it finds in files on the infected computer. Multiple copies of the worm can be attached to the outgoing email message. The message has the following characteristics:

Subject: Fwd: Crazy illegal sex !
Note: forwarded message attached.

The message is disguised as having been forwarded from a Yahoo account. Following the fake Yahoo forwarded headers, the message continues with the following text:


Is it really illegal in da USA?
who knows :P
if u have a weak heart i warn u
DON'T see dis Clip.
Emagine two young children havin
crazy sex fo da first time togetha !
loooool i'm still wonderin where thier
parents were?

Good ?uck , oh sorry:">
i mean Good Luck :)


Attachment: iLLeGal.exe

NOTE: Definitions dated prior to December 6, 2002, may detect this threat as W32.Holar.C@mm.

Antivirus Protection Dates

  • Initial Rapid Release version December 5, 2002
  • Latest Rapid Release version September 28, 2010 revision 054
  • Initial Daily Certified version December 5, 2002
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date December 6, 2002
Writeup By: Yana Liu
