Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

W32.HLLW.Gaobot.EE

Dec 12, 2003 2:32PM PST

Discovered on: December 11, 2003
Last Updated on: December 13, 2003 10:54:09 AM

W32.HLLW.Gaobot.EE is a worm that uses several exploits to spread. It acts as a spam proxy, using the infected computer to send large numbers of unsolicited emails using its own SMTP engine. This worm also opens a backdoor on a random TCP port, notifies attackers through a predetermined IRC channel, and attempts to terminate various security products and system monitoring tools.

This worm propagates using multiple vulnerabilities, including:


Weak passwords on network shares
The DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026), using TCP ports 135
The RPC locator vulnerability (described in Microsoft Security Bulletin MS03-001) using TCP port 445
The WebDav vulnerability (described in Microsoft Security Bulletin MS03-007), using TCP port 80



Variants: W32.HLLW.Gaobot
Type: Worm

http://www.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ee.html

Discussion is locked