1. /
  2. Security Response/
  3. W32.Yaha.K@mm


Risk Level 2: Low

December 24, 2002
February 13, 2007 11:41:53 AM
Also Known As:
W32/Yaha.k [McAfee], I-Worm.Lentin.i [KAV], Win32/Yaha.K@mm [GeCAD], W32/Yaha-K [Sophos], Win32.Yaha.K [CA], W32/Yaha.M-mm [MessageLabs]
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

NOTE: Due to a decreased rate of submissions, Symantec Security Response has downgraded this threat from Category 3 to Category 2 as of June 13, 2003.

W32.Yaha.K@mm is a worm that is a variant of W32.Yaha.J@mm. This worm terminates some antivirus and firewall processes. It uses its own SMTP engine to email itself to all the contacts in the Windows Address Book, MSN Messenger, .NET Messenger, Yahoo Pager, and all the files whose extensions contain the letters HT. The email message has randomly chosen the subject line, message, and attachment name.

This threat is written in the Microsoft C++ language and is compressed with UPX. The uncompressed size is about 75 KB.

Antivirus Protection Dates

  • Initial Rapid Release version December 26, 2002
  • Latest Rapid Release version March 10, 2011 revision 016
  • Initial Daily Certified version December 26, 2002
  • Latest Daily Certified version March 10, 2011 revision 022
  • Initial Weekly Certified release date December 30, 2002
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Robert X Wang

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report