Technorati
Digg
Delicious
Reddit
StumbleUpon
Facebook
Yahoo
Twitter
Faves
Newsvine
- Discovered:
- March 3, 2003
- Updated:
- February 13, 2007 11:43:40 AM
- Also Known As:
- W32/Yaha.p@MM [McAfee], WORM_YAHA.P [Trend], I-Worm.Lentin.m [KAV], Win32.Yaha.P [CA], Win32.Yaha.Q [CA], W32/Yaha-P [Sophos], W32/Yaha-Q [Sophos]
- Type:
- Worm
- Systems Affected:
- Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
- CVE References:
- CVE-2001-0154
The W32.Yaha.P@mm worm is a variant of W32.Yaha.L@mm. This variant of the worm terminates some antivirus and firewall processes.
W32.Yaha.P@mm uses its own SMTP engine to email itself to all the contacts in the Windows Address Book, MSN Messenger, .NET Messenger, Yahoo Pager, and in all the files whose extensions contain the letters HT. The email message has a randomly chosen subject line, message, and attachment. The attachment will have either a .exe or .scr file extension.
This threat is written in the Microsoft C++ language and is compressed with UPX. The uncompressed size is about 45 KB.
Antivirus Protection Dates
- Initial Rapid Release version March 4, 2003
- Latest Rapid Release version September 3, 2011 revision 033
- Initial Daily Certified version March 4, 2003
- Latest Daily Certified version September 4, 2011 revision 002
- Initial Weekly Certified release date March 5, 2003
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Threat Assessment
Wild
- Wild Level: Low
- Number of Infections: 0 - 49
- Number of Sites: 0 - 2
- Geographical Distribution: Low
- Threat Containment: Easy
- Removal: Moderate
Damage
- Damage Level: Medium
Distribution
- Distribution Level: High
Writeup By: Douglas Knowles
