W32.Hopalong@mm


Aliases: W32/Hopalong.A, Hopalong.A, W32.Hopalong@mm, Win32/Hopalong.A
Variants: worm_hopalong.a, hopalong

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Fast
Geographical info: North and South America, Africa, Asia, Europe
Removal: Hard
Platform: W32
Discovered: 25 Aug 2003
Damage: Low

Characteristics: W32.Hopalong@mm is a mass-mailing worm that makes use of the default email client of the host computer system. It harvests the email addresses stored in the email client's address book and misrepresents itself to recipients by discreetly hijacking the computer user's account. This malware may allow unsecured remote connections to the infected computer system while remaining active in the machine's memory.

More details about W32.Hopalong@mm

When the malware executes on a vulnerable computer system, it drops an executable file into the operating system directory. This executable is accompanied by a VBS file, which the malware launches once it has been completely extracted onto the target machine. The VBS file contains the mass-mailing routine of W32.Hopalong@mm, which sends a copy of the malware's code to all the contacts in the email client's address book. The malware also drops additional DBG files onto the infected computer system. W32.Hopalong@mm requires these support files for the complete delivery of its intended payload.

W32.Hopalong@mm also replaces the operating system's logo file with its own version. This logo file is used to display the operating system's design during boot-up. A machine infected with W32.Hopalong@mm will not display the default operating system logo but rather an alert message informing the computer user that the machine has been infected by the worm. Consistent with the properties of most mass-mailing worms, W32.Hopalong@mm will deliberately attempt to hide its presence from the computer user to avoid detection. This is normally done by mixing its files with legitimate system files.