Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

W32.HLLW.Gaobot.JB

Feb 4, 2004 10:43AM PST

Discovered on: January 04, 2004
Last Updated on: February 04, 2004 05:22:09 PM

W32.HLLW.Gaobot.JB is a minor variant of W32.HLLW.Gaobot.BF that uses a different file name and is repacked with PECompact. It attempts to spread to network shares that have weak passwords and allows attackers to access an infected computer through an IRC channel.

The worm uses multiple vulnerabilities to spread, including:

The DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135.
The RPC locator vulnerability (described in Microsoft Security Bulletin MS03-001) using TCP port 445.
The WebDav vulnerability (described in Microsoft Security Bulletin MS03-007) using TCP port 80.



Variants: W32.HLLW.Gaobot.FB, W32.HLLW.Gaobot.gen

http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.jb.html

Discussion is locked