1. Symantec/
  2. Security Response/
  3. W32.HLLW.Maax.B@mm

W32.HLLW.Maax.B@mm

Risk Level 2: Low

Discovered:
May 14, 2003
Updated:
February 13, 2007 12:01:19 PM
Type:
Worm
Systems Affected:
Windows

W32.HLLW.Maax.B@mm is a mass-mailing worm that uses a current MAPI program (for example, Microsoft Outlook ) to send itself to all the contacts in a current MAPI program's Address Book. When this worm is run, a message displays with the title, "Axam Spitmaxa Worm II." Refer to the Technical Details section for more information.

The worm also attempts to spread itself through KaZaA, KaZaA Lite, Morpheus, Grokster, BearShare, Edonkey2000, and Limewire file-sharing networks.

The email that the worm sends has the following characteristics:

Subject: The subject line is one of the following:
WHEN US GOVERMENT TO STOP THE INVADED IN IRAQ?!
News: US vs Iraq Issue
Strike on Iraq
Hi! ;)
Good Idea For ya!
DAA Holding have an Idea for Bussiness man
Great Job for Professional Programmer
Trade and Care about customer!
Don't missed Logon to DAABussiness.com
Are you a Bussiness man?
How to make a money in one day?
Care to trade world map?
How to prevent from Pirate CD!
Job for you!
Do you have an enough salaries for you job?
Don't waste your money!
HAVE A NICE DAY!
Why US invade on Iraq?
No More Blood!
HOW TO PREVENT YOUR EMAIL FROM VIRUSES?

Message:
Dear Mr/Mrs/Sir/Mdm,
Are you tired to get the customer. It is important to know how to make your bussiness more efficient.
To get a tips and more advise. You can download it from the attachment or just click here <link to executable file on web>
to download from our FTP site.
Regard,
Yamamoto Hashimura,
Software Engineer of DAA Holding

Attachment: Tca.exe

W32.HLLW.Maax.B@mm attempts to terminate the processes of the antivirus and security-related programs.

This threat is written in the Microsoft Visual Basic (VB) programming language and is compressed with UPX.

Antivirus Protection Dates

  • Initial Rapid Release version May 14, 2003
  • Latest Rapid Release version September 28, 2010 revision 054
  • Initial Daily Certified version May 14, 2003
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date May 14, 2003
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Yana Liu

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube