Discovered: December 24, 2002
Updated: February 13, 2007 11:41:53 AM
Also Known As: W32/Yaha.k [McAfee], I-Worm.Lentin.i [KAV], Win32/Yaha.K@mm [GeCAD], W32/Yaha-K [Sophos], Win32.Yaha.K [CA], W32/Yaha.M-mm [MessageLabs]
Type: Worm
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
NOTE: Due to a decreased rate of submissions, Symantec Security Response has downgraded this threat from Category 3 to Category 2 as of June 13, 2003.
W32.Yaha.K@mm is a worm that is a variant of W32.Yaha.J@mm. This worm terminates some antivirus and firewall processes. It uses its own SMTP engine to email itself to all the contacts in the Windows Address Book, MSN Messenger, .NET Messenger, and Yahoo Pager, and to email addresses found in all the files whose extensions contain the letters HT. The email message has a randomly chosen subject line, message, and attachment name.
This threat is written in the Microsoft C++ language and is compressed with UPX. The uncompressed size is about 75 KB.
Protection
- Initial Rapid Release version December 26, 2002
- Latest Rapid Release version January 24, 2010 revision 039
- Initial Daily Certified version December 26, 2002
- Latest Daily Certified version January 25, 2010 revision 003
- Initial Weekly Certified release date December 30, 2002
Threat Assessment
Wild
- Wild Level: Low
- Number of Infections: More than 1000
- Number of Sites: More than 10
- Geographical Distribution: High
- Threat Containment: Easy
- Removal: Moderate
Damage
Distribution
Writeup By: Robert X Wang