Symantec India
 global sites
products
purchase
service and support
security updates
downloads
about symantec
search
feedback


© 1995-2006 Symantec Corporation.
All rights reserved.
Legal Notices
Updated Privacy Policy
press centre

Virus alert: W32.Yarner.A@mm Level 3


MUMBAI -- February 20, 2002

Date: 19th February, 2002
Threat Assessment: Level 3 moderate
Virus Name: W32.Yarner.A@mm
Definition file version/date: February 19, 2002

Description:

  • Subject of email: Trojaner-Info Newsletter (current date)
  • Name of attachment: yawsetup.exe
  • Body: The message body is in German

W32.Yarner.A@mm is a mass-mailing worm written in the Delphi language. The worm sends itself to email addresses found in the Microsoft Outlook address book.

The worm uses the system configured or hard coded SMTP servers to send messages with the subject Trojaner-Info Newsletter and a message body in German. The attachment name is yawsetup.exe. In addition the worm may attempt to delete all files on the computer.

When executed, the worm copies itself to: %WinDir%\notepad.exe overwriting the Notepad application.  The worm saves the original Notepad application as: %WinDir\notedpad.exe. When executing Notepad, the worm executes itself and then attempts to launch the original Notepad application. In addition, the worm copies itself to %WinDir%\[random characters].exe. The worm uses MAPI to send itself as yawsetup.exe to email addresses listed in the Microsoft Outlook address book.

More information can be located at: http://securityresponse.symantec.com/avcenter/venc/data/w32.yarner.a@mm.html