Phatbot (aka W32.HLLW.Gaobot.) (Question 12153)| Data Doctors Free Help

Phatbot (aka W32.HLLW.Gaobot.), a family of variants attacking the net is taking no hostages!

This question was answered on March 17, 2004. Much of the information contained herein may have changed since posting.

Be on the lookout for the explosion of a new variant to an old virus, 'Phatbot'! This trojan uses peer-to-peer networking abilities to wreak havoc Phatbot has several aliasis, such as, Agobot.FO, Gaobot, Backdoor.Agobot.3.x, & W32.HLLW.GAOBOT.XX (XX=several different variations) The variant has backdoor functionality that is far more dangerous than earlier versions It uses multiple vulnerabilities to spread and allows hackers to access infected computers through IRC

Although the variant family has only reached a level 2 risk at SARC, security experts believe that this attack is capable of causing significant damage to users world wide The worm has the capability to polymorph on install to avoid anti-virus signatures as it spreads from system to system The worm also steals logins, passwords, and gaming product ID's The following systems are effected: Windows 2000, 95, 98, Me, NT, Server 2003, & XP.

The email message has the following characteristics:

Subject, From, & Name Of Attachment: N/A

Security experts strongly urge all users to verify your OS software and all anti-virus definitions are up-to-date By blocking any backdoor weaknesses you decrease your chances for infection

Note: This variant also has the functionality to steal Windows Product ID's

You can get updates to all Microsoft OS's at:

http://windowsupdate.microsoft.com

You can get more technical information about this outbreak at:

http://www.f-secure.com/v-descs/agobot_fo.shtml

http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.gen.html