Discovered on: December 11, 2003
Last Updated on: December 13, 2003 10:54:09 AM
W32.HLLW.Gaobot.EE is a worm that uses several exploits to spread. It acts as a spam proxy, using the infected computer to send large numbers of unsolicited emails using its own SMTP engine. This worm also opens a backdoor on a random TCP port, notifies attackers through a predetermined IRC channel, and attempts to terminate various security products and system monitoring tools.
This worm propagates using multiple vulnerabilities, including:
Weak passwords on network shares
The DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026), using TCP ports 135
The RPC locator vulnerability (described in Microsoft Security Bulletin MS03-001) using TCP port 445
The WebDav vulnerability (described in Microsoft Security Bulletin MS03-007), using TCP port 80
Variants: W32.HLLW.Gaobot
Type: Worm
http://www.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ee.html

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic