W32.HLLW.Caspid is a worm that spreads through file-sharing networks, such as Morpheus and KaZaA. It is a virus that infects HTML files. This worm may also spread through email by setting itself as the default stationery used in email messages.
W32.HLLW.Caspid takes advantage of a vulnerability described in MS03-14
, which allows for the execution of a MIME-encoded program inside an HTML file.
This worm is written in Visual Basic and is packed with UPX.
The existence of %Windir%\Capside.exe or %Windir%\Capside.htm is an indication of infection.
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.