1. Symantec/
  2. Security Response/
  3. W32.HLLW.Kickin.A@mm


Risk Level 2: Low

May 5, 2003
February 13, 2007 12:01:01 PM
Also Known As:
W32.HLLW.Cydog.C@mm, Win32.Kickin.A [CA], W32/Kickin@MM [McAfee]
Systems Affected:

W32.HLLW.Kickin.A@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses that it finds in the following address books:
  • .NET Messenger
  • MSN Messenger
  • Yahoo Pager
  • Windows
  • ICQ Address Books

    The worm also sends itself to the email addresses from the files whose extensions contain the letters ht or ml. The email message has a randomly chosen subject line, message body, and attachment filename. W32.HLLW.Kickin.A@mm spoofs the sender's email address. The attachment has the extension .com, .exe, .scr, or .pif.

The worm also attempts to spread itself through the Morpheus, Bearshare, and Edonkey2000 file-sharing networks, and through mIRC. This worm terminates some antivirus and firewall processes.

This threat is written in the Microsoft C++ programming language and is compressed with UPX.

NOTE: Virus definitions dated prior to May 8, 2003 may detect this as W32.HLLW.Cydog.C@mm.

A minor variant which displays the same functionality as the original was discovered on May 7, 2003. Detection for this variant is included in virus definitions dated May 8, 2003 and later.

Antivirus Protection Dates

  • Initial Rapid Release version May 6, 2003
  • Latest Rapid Release version August 8, 2016 revision 023
  • Initial Daily Certified version May 6, 2003
  • Latest Daily Certified version August 9, 2016 revision 001
  • Initial Weekly Certified release date May 7, 2003
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Yana Liu

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube