W32.Hokilo.irc


Aliases: Win32.Hokillo.8192, W32/Hokilo, Win32/Trilima.J@mm, W32/Okoh, W32.Worm.Hoko
Variants: W32/Hokilo.worm, Email-Worm.Win32.Trilissa.j, I-Worm.Trilissa.j, Win32/Trilissa.J, Win32.Trilissa.E@mm

Classification: Malware
Category: Computer Worm

Status: Inactive
Spreading: Slow
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 26 Jun 2002
Damage: Low

Characteristics: Considered by many antivirus developers as a reasonably harmless Worm variant, it gains entry into a vulnerable system using a filename with double extension. Since the W32.Hokilo.irc has been observed to take advantage of vulnerabilities in the Internet Relay Chat service, it is possible that its files may be transmitted to the intended target using online clients. There is a possibility that it may be transferred via email messaging or directly from a malicious website.

More details about W32.Hokilo.irc

When the Shell Scrap Object which is used to package this malware is launched in a vulnerable computer system, it will extract an embedded executable file that serves as the main trigger file for the W32.Hokilo.irc. The Shell Scrap Object packaging is represented by the SHS file extension with a corresponding icon. The filename used by the embedded executable file for the W32.Hokilo.irc has obvious reference to the World Cup. It is presumed that this is part of the ploy of the malicious author to conceal the real motive for the delivery of the file. The executable file of the W32.Hokilo.irc will proceed by generating a VBScript format file in the root directory of the main hard drive.

The script file generated by the W32.Hokilo.irc is used to modify the initialization file for the Internet Relay Chat client. The initialization file is normally stored in the same location where the program is installed. Once the initialization file is successfully sent, it will allow the W32.Hokilo.irc to send its file to any recipient in the contact list of the user. The executable file of the W32.Hokilo.irc will create a batch file in the root directory of the main hard drive and launch it. Once the batch file is run, it will display a message on the computer user's screen.