NOTE: Due to a decreased rate of submissions, Symantec Security Response has downgraded this threat from Category 3 to Category 2 as of June 13, 2003.
W32.Yaha.K@mm is a worm that is a variant of W32.Yaha.J@mm
. This worm terminates some antivirus and firewall processes. It uses its own SMTP engine to email itself to all the contacts in the Windows Address Book, MSN Messenger, .NET Messenger, Yahoo Pager, and all the files whose extensions contain the letters HT. The email message has randomly chosen the subject line, message, and attachment name.
This threat is written in the Microsoft C++ language and is compressed with UPX. The uncompressed size is about 75 KB.
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.