W32.HLLW.Gaobot.AF is a minor variant of W32.HLLW.Gaobot.AA and W32.HLLW.Gaobot.AE. It attempts to spread to network shares that have weak passwords and allows attackers to access an infected computer through an IRC channel.
The worm uses multiple vulnerabilities, including:
- The DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. Using this exploit, the worm specifically targets Windows XP computers.
- The RPC locator vulnerability (described in Microsoft Security Bulletin MS03-001) using TCP port 445.
W32.HLLW.Gaobot.AF is compressed with UPX.
Note: Virus definitions dated prior to September 17, 2003 may detect this threat as W32.HLLW.Gaobot.AA.
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.