W32.HLLW.Torvel.B@mm is a mass-mailing worm that uses the currently available MAPI program or its own SMTP engine to spread itself. The email has the following characteristics:
The subject line is one of the following:
- Do not release, its the internal rls!
- Undeliverable mail--
- Returned mail--
- here¦s a nice Picture
- New Internal Rls...
- here¦s the document
- here¦s the document you requested
- here¦s the archive you requested
- Your Account at Info@<FakeDomain> has expired.
The attachment can be one of the following:
- The worm may spoof the "From:" field of the email.
- The worm can copy itself to the network shares that have weak passwords.
- This worm also attempts to spread itself through the file-sharing networks, such KaZaA and Xolox, as well as ICQ and mIRC.
- This threat is written in the Borland Delphi programming language and is compressed with ASPack.
Definitions dated prior to October 16, 2003 may detect this threat as W32.HLLW.Torvil@mm.
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.