Discovered on: December 05, 2003
Last Updated on: December 08, 2003 12:42:48 PM
W32.HLLW.Gaobot.DK is a worm that uses several exploits to spread. It acts as a spam proxy, using the infected computer to send large numbers of unsolicited emails using its own SMTP engine. This worm also opens a backdoor to a predetermined IRC channel.
This worm propagates using multiple vulnerabilities, including:
Weak passwords on network shares
The DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026), using TCP ports 135 and 445
The WebDav vulnerability (described in Microsoft Security Bulletin MS03-007), using TCP port 80
W32.HLLW.Gaobot.DK gives an attacker complete access to your computer. By default, the worm listens on TCP port 63809 and notifies the attacker through IRC. The worm attempts to terminate various security products and system-monitoring tools.
--------------------------------------------------------------------------------
Note: Virus definitions released December 5th, 2003 detect this threat as W32.HLLW.Gaobot.gen.
--------------------------------------------------------------------------------
Also Known As: W32.HLLW.Gaobot.gen, W32/Gaobot.worm.gen [McAfee], Backdoor.Agobot.3.gen [Kaspersky]
Type: Worm
http://www.symantec.com/avcenter/venc/data/w32.hllw.gaobot.dk.html

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic