|
W32.HLLW.Hai is a worm that
spreads over a network. It spreads by looking for computers
1) on which the NetBIOS protocol is installed
2) that share the \Windows folder with full access for "Everyone."
The worm does this by spawning
a new thread that looks for computers with open Windows shares.
When it finds such a computer, the worm copies itself into
the \Windows folder. It also modifies the Win.ini file so
that the next time the computer is started, the worm will
be executed. The name that this worm uses is chosen at random.
All of the samples of this worm
that SARC has received have been encrypted with a known Portable
Executable (PE) file-encryption program.
W32.HLLW.Hai is a worm written
in C++.
|
