Discovered: September 16, 2003
Updated: February 13, 2007 12:07:29 PM
Also Known As: W32.HLLW.Gaobot.AA, Backdoor.Agobot.3.h [Kaspersky
Type: Worm
Systems Affected: Windows 2000, Windows NT, Windows XP
W32.HLLW.Gaobot.AF is a minor variant of W32.HLLW.Gaobot.AA and W32.HLLW.Gaobot.AE. It attempts to spread to network shares that have weak passwords and allows attackers to access an infected computer through an IRC channel.
The worm uses multiple vulnerabilities, including:
- The DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. Using this exploit, the worm specifically targets Windows XP computers.
- The RPC locator vulnerability (described in Microsoft Security Bulletin MS03-001) using TCP port 445.
W32.HLLW.Gaobot.AF is compressed with UPX.
Note: Virus definitions dated prior to September 17, 2003 may detect this threat as W32.HLLW.Gaobot.AA.
Protection
-
Initial Rapid Release version September 17, 2003
-
Latest Rapid Release version April 11, 2008 revision 038
-
Initial Daily Certified version September 17, 2003
-
Latest Daily Certified version April 11, 2008 revision 050
-
Initial Weekly Certified release date September 17, 2003
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.
Threat Assessment
Wild
-
Wild Level: Low
-
Number of Infections: 50 - 999
-
Number of Sites: 0 - 2
-
Geographical Distribution: Low
-
Threat Containment: Easy
-
Removal: Easy
Damage
Distribution
-
Distribution Level: Medium
Writeup By: Ying Lin
