W32.HLLW.Indor.B@mm is a mass-mailing worm that uses Microsoft Outlook to send a zipped copy of itself to all the contacts in the Microsoft Outlook Address Book. When W32.HLLW.Indor.B@mm runs, it displays a fake message, stating "Error in file #1: bad Zip file offset (Error local header signature not found): disk #1 offset: 68669733"
W32.HLLW.Indor.B@mm can also spread through network drives, floppy disks, the KaZaA file-sharing network, and mIRC.
The email has the following characteristics:
The subject line is one of the following:
- Your verification is required Confirm FFA submission and receive 1000 Credit
- Your Success Is Guranteed!
- You are Losing Income
- WHY NOT CHECK IT OUT? IT'S FREE!
- Free Software, Download it now !!
- Free MP3, OGG/VORBIS Hit Songs !!
- Download DVD Movie Now !! Its Free..!
- URGENT: Please Verify Your Submission Confirm FFA submission !!
- The E.A.S.E System Can Make You Money At Home!!
- Thank You !
- Re: Your Daily Report
- Re: Web Site Report
- WE send the TRAFFIC, YOU make the SALES!
- Thank You For Your Subscription - Confirmation
- Need a quick $100 today?
- Confirmation Email - Required !
The attachment, which is a zipped copy of the worm, is one of the following:
This threat is written in the Microsoft Visual Basic programming language and is compressed with UPX.
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.