1. Symantec/
  2. Security Response/
  3. W32.HLLW.Gaobot.AF


Risk Level 2: Low

September 16, 2003
February 13, 2007 12:07:29 PM
Also Known As:
W32.HLLW.Gaobot.AA, Backdoor.Agobot.3.h [Kaspersky
Systems Affected:

W32.HLLW.Gaobot.AF is a minor variant of W32.HLLW.Gaobot.AA and W32.HLLW.Gaobot.AE. It attempts to spread to network shares that have weak passwords and allows attackers to access an infected computer through an IRC channel.

The worm uses multiple vulnerabilities, including:
  • The DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. Using this exploit, the worm specifically targets Windows XP computers.
  • The RPC locator vulnerability (described in Microsoft Security Bulletin MS03-001) using TCP port 445.

    W32.HLLW.Gaobot.AF is compressed with UPX.

    Note: Virus definitions dated prior to September 17, 2003 may detect this threat as W32.HLLW.Gaobot.AA.

Antivirus Protection Dates

  • Initial Rapid Release version September 17, 2003
  • Latest Rapid Release version September 28, 2010 revision 054
  • Initial Daily Certified version September 17, 2003
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date September 17, 2003
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Ying Lin

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube