1. Symantec/
  2. Security Response/
  3. W32.Yaha.K@mm


Risk Level 2: Low

December 24, 2002
February 13, 2007 11:41:53 AM
Also Known As:
W32/Yaha.k [McAfee], I-Worm.Lentin.i [KAV], Win32/Yaha.K@mm [GeCAD], W32/Yaha-K [Sophos], Win32.Yaha.K [CA], W32/Yaha.M-mm [MessageLabs]
Systems Affected:

NOTE: Due to a decreased rate of submissions, Symantec Security Response has downgraded this threat from Category 3 to Category 2 as of June 13, 2003.

W32.Yaha.K@mm is a worm that is a variant of W32.Yaha.J@mm. This worm terminates some antivirus and firewall processes. It uses its own SMTP engine to email itself to all the contacts in the Windows Address Book, MSN Messenger, .NET Messenger, Yahoo Pager, and all the files whose extensions contain the letters HT. The email message has randomly chosen the subject line, message, and attachment name.

This threat is written in the Microsoft C++ language and is compressed with UPX. The uncompressed size is about 75 KB.

Antivirus Protection Dates

  • Initial Rapid Release version December 26, 2002
  • Latest Rapid Release version August 8, 2016 revision 023
  • Initial Daily Certified version December 26, 2002
  • Latest Daily Certified version August 9, 2016 revision 001
  • Initial Weekly Certified release date December 30, 2002
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Robert X Wang

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube