1. Symantec/
  2. Security Response/
  3. W32.Galil.F@mm


Risk Level 2: Low

February 2, 2004
February 13, 2007 12:16:59 PM
Also Known As:
W32/Holar.gen@MM [McAfee], I-Worm.Holar.f [Kaspersky]
Systems Affected:

W32.Galil.F@mm is a mass-mailing worm that uses its own SMTP engine or Microsoft Outlook to spread. It harvests email addresses from the files in the current user's Temporary Internet Files folder, Yahoo Messenger, Microsoft Outlook address book, as well as the files whose extensions are .asf, .avi, .doc, .jpg, .mdb, .mpe, .mpeg, .mpg, .pps, .ram, .rar, or .xls.

The worm may spoof the "From" field. The email message has a randomly selected subject line, which may also be the attachment name. The attachment has a .bhx, .exe, .hqx, .mim, .uu , .uue, or .xxe extension.

It is written in the Microsoft Visual Basic (VB) programming language and is compressed with UPX.

Antivirus Protection Dates

  • Initial Rapid Release version February 3, 2004
  • Latest Rapid Release version August 8, 2016 revision 023
  • Initial Daily Certified version February 3, 2004
  • Latest Daily Certified version August 9, 2016 revision 001
  • Initial Weekly Certified release date February 4, 2004
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Yana Liu

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube