New Email Worm with Backdoor Capabilities!

Question

Symantec response reports W32.HLLW.Cult.C@mm level 2 email worm with backdoor capabilities found on 4-2-03!

Answer

This question was answered on April 4, 2003. Much of the information contained herein may have changed since posting.

W32.HLLW.Cult.C@mm is an email worm that has backdoor capabilities. It uses its own SMTP engine to send itself to randomly generated recipient names at these domains:

        -email.com

        -earthlink.net

        -roadrunner.com

        -yahoo.com

        -msn.com

        -hotmail.com

The email message has the following characteristics:

Subject: Hi, I sent you an eCard from BlueMountain.com

Message:

Hi , I sent you an eCard from Blue-Mountain.com To view your eCard, open the attachment

If you have any comments or questions, please visit http:/ /www.bluemountain.com/customer/index.pd

Thanks for using BlueMountain.com.

Attachment: BlueMountaineCard.pif

All Windows operating systems are affected.

Get complete instruction on protection and removal from Symantec at:

<a href= "http://sarc.com/avcenter/venc/data/w32.hllw.cult.c@mm.html"> http://sarc.com/avcenter/venc/data/w32.hllw.cult.c@mm.html</a>

Author

Posted by Michal of Data Doctors on April 4, 2003