HLLW Worm
Many variants of this worm are written in the Visual C++ language. It mostly spreads over networks, scanning ranges of IP addresses while attempting to access shared network drives. It also uses simple brute-force techniques against network shares that are password protected. If the brute force is successful, an HLLW worm often unloads two infectious components: a dropper for an IRC-controlled backdoor and a remote execution program. It is able to execute the dropper by first using another remote execution program. Once all files have been installed, an HLLW worm will usually create registry keys within the system to ensure that it is executed once the computer has been rebooted.
The W32/HLLW.Deloader is one such worm that is very effective at brute force. This is because it contains a small library with a list of common passwords, giving it a much greater probability of hacking into a network.
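
A defender's view of the spreading behaviour described above, as an added example that is not part of the original page: it flags a source that fails logons against the shares of several hosts within a short window and lists the hosts that then accepted a logon. The log layout, thresholds, addresses and function names are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed share-logon records: time, source, target, account, outcome.
# The column layout is an assumption for this example, not a real log format.
SAMPLE_LOG = """\
2024-01-01T10:00:00,10.0.0.23,10.0.0.5,administrator,FAIL
2024-01-01T10:00:02,10.0.0.23,10.0.0.5,admin,FAIL
2024-01-01T10:00:05,10.0.0.23,10.0.0.6,administrator,FAIL
2024-01-01T10:00:07,10.0.0.23,10.0.0.6,admin,FAIL
2024-01-01T10:00:10,10.0.0.23,10.0.0.7,administrator,FAIL
2024-01-01T10:00:12,10.0.0.23,10.0.0.7,admin,OK
2024-01-01T10:01:00,10.0.0.40,10.0.0.5,alice,FAIL
2024-01-01T10:01:20,10.0.0.40,10.0.0.5,alice,OK
"""
WINDOW = timedelta(minutes=5)  # sliding window for one burst
MIN_FAILURES = 5               # failed logons inside the window
MIN_TARGETS = 3                # distinct hosts probed inside the window


def parse(log_text):
    """Return (time, src, dst, user, outcome) tuples sorted by time."""
    rows = csv.reader(io.StringIO(log_text))
    return sorted((datetime.fromisoformat(t), s, d, u, o) for t, s, d, u, o in rows)


def find_share_bruteforce(log_text):
    """Map each sweeping source to its failure burst and later successes."""
    by_src = defaultdict(list)
    for ev in parse(log_text):
        by_src[ev[1]].append(ev)
    findings = {}
    for src, events in by_src.items():
        fails = [e for e in events if e[4] == "FAIL"]
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > WINDOW:
                start += 1  # shrink until the burst fits inside WINDOW
            burst = fails[start:end + 1]
            targets = sorted({e[2] for e in burst})
            if len(burst) >= MIN_FAILURES and len(targets) >= MIN_TARGETS:
                # Hosts that accepted a logon after the burst began need triage.
                opened = sorted({e[2] for e in events
                                 if e[4] == "OK" and e[0] >= burst[0][0]})
                findings[src] = {"failures": len(burst), "targets": targets,
                                 "opened": opened}
                break
    return findings
```

Hosts listed under `opened` are the ones to check for newly dropped files and new autostart registry keys; the single mistyped password from 10.0.0.40 stays below both thresholds and is not reported.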