W32.HLLW.Gaobot.BE

W32.HLLW.Gaobot.BE is a minor variant of W32.HLLW.Gaobot.AO. It attempts to spread to network shares that have weak passwords and allows attackers to access an infected computer through an IRC channel.

The worm uses multiple vulnerabilities to spread, including:

• The DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135.
• The RPC locator vulnerability (described in Microsoft Security Bulletin MS03-001) using TCP port 445.
• The WebDav vulnerability (described in Microsoft Security Bulletin MS03-007) using TCP port 80.
  

W32.HLLW.Gaobot.BE is compressed with FSG.

Note: Virus definitions dated prior to October 28, 2003 may detect this threat as W32.HLLW.Gaobot.BD.

Protection

• Initial Rapid Release version October 27, 2003
• Latest Rapid Release version October 27, 2003
• Initial Daily Certified version October 27, 2003
• Latest Daily Certified version October 27, 2003
• Initial Weekly Certified release date October 29, 2003

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

• Wild Level: Low
• Number of Infections: 0 - 49
• Number of Sites: 0 - 2
• Geographical Distribution: Low
• Threat Containment: Easy
• Removal: Moderate

Damage

• Damage Level: Medium

Distribution

• Distribution Level: Medium