W32/Hopalong.A, Hopalong.A, [email protected]
Category: Computer Worm
Active & Spreading
North and South America, Africa, Asia, Europe
25 Aug 2003
The [email protected]
is a type of mass mailing Worm which makes use of the default email client of the host computer system. It harvests email addresses stored in the address book of the email client and misrepresents itself to the recipient by hijacking the computer user's account discretely. This malware may allow unsecured remote connection to the infected computer system while remaining active in the machine's memory.
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean [email protected]
from your computer.
Execution of the malware into a vulnerable computer system will allow the dropping of an executable file into the directory of the operating system. The executable file associated with the [email protected]
will be accompanied by a VBS type file which is launched by the malware once is it completely extracted into the target machine. This VBS format file contains the mass mailing routine of the [email protected]
which is responsible for the sending of the copy of the malware's codes to all the contacts in the address book of the email client. Additional DBG format files will be dropped by the malware into the infected computer system. These support files are required by the [email protected]
for the complete delivery of its intended payload.
The [email protected]
is likewise responsible for replacing the logo file of the operating system with its own version. This logo file is used to display the operating system's design during computer boot up. A machine infected with the [email protected]
will not display the default operating system logo but rather an alert message informing the computer user that the machine has been infected by the Worm. Consistent with the properties of most mass mailing Worms, the [email protected]
will attempt to consciously hide its presence from the computer user to avoid detection. This is normally done by mixing its files with legitimate system files.