Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

W32.HLLW.Gaobot.DK

Dec 5, 2003 12:55PM PST

Discovered on: December 05, 2003
Last Updated on: December 06, 2003 12:46:52 PM

W32.HLLW.Gaobot.DK is a worm that uses several exploits to spread. It acts as a spam proxy, using the infected computer to send large numbers of unsolicited emails using its own SMTP engine. This worm also opens a backdoor to a predetermined IRC channel.

This worm propagates using multiple vulnerabilities, including:

Weak passwords on network shares
The DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026), using TCP ports 135 and 445
The WebDav vulnerability (described in Microsoft Security Bulletin MS03-007), using TCP port 80


W32.HLLW.Gaobot.DK gives an attacker complete access to your computer. By default, the worm listens on TCP port 63809 and notifies the attacker through IRC. The Trojan attempts to terminate various security products and system-monitoring tools.



Type: Worm

http://www.symantec.com/avcenter/venc/data/w32.hllw.gaobot.dk.html

Discussion is locked