Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

W32.HLLW.Gaobot.DK

Dec 8, 2003 7:45AM PST

Discovered on: December 05, 2003
Last Updated on: December 08, 2003 12:42:48 PM

W32.HLLW.Gaobot.DK is a worm that uses several exploits to spread. It acts as a spam proxy, using the infected computer to send large numbers of unsolicited emails using its own SMTP engine. This worm also opens a backdoor to a predetermined IRC channel.

This worm propagates using multiple vulnerabilities, including:

Weak passwords on network shares
The DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026), using TCP ports 135 and 445
The WebDav vulnerability (described in Microsoft Security Bulletin MS03-007), using TCP port 80


W32.HLLW.Gaobot.DK gives an attacker complete access to your computer. By default, the worm listens on TCP port 63809 and notifies the attacker through IRC. The worm attempts to terminate various security products and system-monitoring tools.


--------------------------------------------------------------------------------
Note: Virus definitions released December 5th, 2003 detect this threat as W32.HLLW.Gaobot.gen.
--------------------------------------------------------------------------------


Also Known As: W32.HLLW.Gaobot.gen, W32/Gaobot.worm.gen [McAfee], Backdoor.Agobot.3.gen [Kaspersky]

Type: Worm

http://www.symantec.com/avcenter/venc/data/w32.hllw.gaobot.dk.html

Discussion is locked