Aliases: W32.Huegone, huegone
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Moderate
Geographical info: Asia, Europe, Australia, North and South America
Removal: Easy
Platform: W32
Discovered: 23 Mar 2007
Damage: Low

Characteristics: According to the majority of antivirus developers, this particular worm variant is designed to deliver Web browser hijacking functionality as its main payload. W32.Huegone@mm redirects the Web browser to a website possibly controlled by its malicious author. W32.Huegone@mm may enter a vulnerable computer system via a spiked email message. The message it sends uses a randomly chosen subject line with an equally randomly generated filename.

More details about W32.Huegone@mm

This particular malware variant was designed by its malicious author to target computer systems that operate with a specific language set. On its initial execution, W32.Huegone@mm normally verifies whether the compromised computer system is using either the Persian or Arabic language. If the malware finds that it is neither, it immediately terminates all of its routines. However, if the language set of the computer system meets the malware's condition, it proceeds to generate two TMP format files in a temporary folder on the main hard drive. The two temporary files dropped by W32.Huegone@mm contain the instruction sets the malware requires to attain mass-mailing functionality and spread its code.

After it has installed the necessary file components on the infected computer system, W32.Huegone@mm scans the address book of the default email client as well as the contents of the address book of a popular Web mail host. The email addresses retrieved from the two sources are used as the next targets for its propagation routine. W32.Huegone@mm sends all the gathered email addresses a message that contains a copy of its code. The subject and message body are chosen from a predefined list, while the filename of the attachment is randomly generated.