1. Symantec/
  2. Security Response/
  3. W32.HLLW.Caspid


Risk Level 1: Very Low

September 11, 2003
February 13, 2007 12:07:11 PM
Worm, Virus
Systems Affected:

W32.HLLW.Caspid is a worm that spreads through file-sharing networks, such as Morpheus and KaZaA. It is a virus that infects HTML files. This worm may also spread through email by setting itself as the default stationery used in email messages.

W32.HLLW.Caspid takes advantage of a vulnerability described in MS03-14, which allows for the execution of a MIME-encoded program inside an HTML file.

This worm is written in Visual Basic and is packed with UPX.

The existence of %Windir%\Capside.exe or %Windir%\Capside.htm is an indication of infection.

Antivirus Protection Dates

  • Initial Rapid Release version September 11, 2003
  • Latest Rapid Release version September 28, 2010 revision 054
  • Initial Daily Certified version September 11, 2003
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date September 11, 2003
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Heather Shannon

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube