W32.Hobble.F@mm

Discussion in 'malware problems & news' started by Pieter_Arntz, Nov 11, 2002.

Thread Status:
Not open for further replies.
  1. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    W32.Hobble.F@mm is a variant of the W32.Hobble@mm worm. It attempts to spread across the KaZaA file-sharing network. It also sends itself to email addresses that it retrieves from .htm and .html files that it finds in the Internet Explorer cache, and to all addresses in the Microsoft Outlook Address Book. The email has the following characteristics:

    Subject: RE:
    Attachment: The email has two attachments. The first one is a copy of the worm, which is 18,432 Bytes in length. The second attachment is a random length text file.

    The threat is written in the Microsoft Visual Basic Programming Language and compressed with UPX.

    NOTE: Definitions dated prior to November 8, 2002 may detect this threat as W32.Alcatap.Worm

    http://www.sarc.com/avcenter/venc/data/w32.hobble.f@mm.html

    Link has to be copied and pasted due to @ sign
    (Have fun harvesters :D )

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.