1. /
  2. Security Response/
  3. W32.Yaha.K@mm

W32.Yaha.K@mm

Risk Level 2: Low

Discovered:
December 24, 2002
Updated:
February 13, 2007 11:41:53 AM
Also Known As:
W32/Yaha.k [McAfee], I-Worm.Lentin.i [KAV], Win32/Yaha.K@mm [GeCAD], W32/Yaha-K [Sophos], Win32.Yaha.K [CA], W32/Yaha.M-mm [MessageLabs]
Type:
Worm
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP


NOTE: Due to a decreased rate of submissions, Symantec Security Response has downgraded this threat from Category 3 to Category 2 as of June 13, 2003.

W32.Yaha.K@mm is a worm that is a variant of W32.Yaha.J@mm. This worm terminates some antivirus and firewall processes. It uses its own SMTP engine to email itself to all the contacts in the Windows Address Book, MSN Messenger, .NET Messenger, Yahoo Pager, and all the files whose extensions contain the letters HT. The email message has randomly chosen the subject line, message, and attachment name.

This threat is written in the Microsoft C++ language and is compressed with UPX. The uncompressed size is about 75 KB.



Antivirus Protection Dates

  • Initial Rapid Release version December 26, 2002
  • Latest Rapid Release version March 10, 2011 revision 016
  • Initial Daily Certified version December 26, 2002
  • Latest Daily Certified version March 10, 2011 revision 022
  • Initial Weekly Certified release date December 30, 2002
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: More than 1000
  • Number of Sites: More than 10
  • Geographical Distribution: High
  • Threat Containment: Easy
  • Removal: Moderate

Damage

  • Damage Level: Medium

Distribution

  • Distribution Level: High
Writeup By: Robert X Wang

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver