Symantec response reports W32.HLLW.Cult.C@mm level 2 email worm with backdoor capabilities found on 4-2-03!
This question was answered on April 4, 2003. Much of the information contained herein may have changed since posting.
W32.HLLW.Cult.C@mm is an email worm that has backdoor capabilities It uses its own SMTP engine to send itself to randomly generated recipient names at these domains:
Â Â Â Â -email.com
Â Â Â Â -earthlink.net
Â Â Â Â -roadrunner.com
Â Â Â Â -yahoo.com
Â Â Â Â -msn.com
Â Â Â Â -hotmail.com
The email message has the following characteristics:
Subject: Hi, I sent you an eCard from BlueMountain.com
Hi , I sent you an eCard from Blue-Mountain.com To view your eCard, open the attachment
If you have any comments or questions, please visit http:/ /www.bluemountain.com/customer/index.pd
Thanks for using BlueMountain.com.
All Windows operating systems are affected.
Get complete instruction on protection and removal from Symantec at:
<a href= "http://sarc.com/avcenter/venc/data/[email protected]"> http://email@example.com</a>
About the author
Posted by Michal of Data Doctors on April 4, 2003