Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

W32.Galil.F@mm

Feb 3, 2004 10:18AM PST

Discovered on: February 02, 2004
Last Updated on: February 03, 2004 04:21:07 PM

W32.Galil.F@mm is a mass-mailing worm that uses its own SMTP engine or Microsoft Outlook to spread. It harvests email addresses from the files in the current user's Temporary Internet Files folder, Yahoo Messenger, Microsoft Outlook address book, as well as the files whose extensions are .asf, .avi, .doc, .jpg, .mdb, .mpe, .mpeg, .mpg, .pps, .ram, .rar, or .xls.

The worm may spoof the "From" field. The email message has a randomly selected subject line, which may also be the attachment name. The attachment has a .bhx, .exe, .hqx, .mim, .uu , .uue, or .xxe extension.

It is written in the Microsoft Visual Basic (VB) programming language and is compressed with UPX.


Also Known As: W32/Holar-G [Sophos], W32/Holar.gen@MM [McAfee]

Type: Worm

http://securityresponse.symantec.com/avcenter/venc/data/w32.galil.f@mm.html

Discussion is locked