W32.Yaha.AE@mm is a variant of the W32.Yaha.J@mm
worm that does the following:
- Terminates some antivirus and firewall processes.
- Uses its own SMTP engine to email itself to all the contacts in Windows Address Book, MSN Messenger, .NET Messenger, Yahoo Pager, ICQ Pager, as well as in all the files whose extensions contain the letters HT.
- Attempts to spread itself through network-shared folders and mapped drives.
- Attempts to spread itself through the KaZaA file-sharing network.
- Installs a keylogger and emails the logs to its author.
- Performs Denial of Service (DoS) attacks to some specified and random hosts on TCP ports 135, 139, and 445.
The email message has a randomly chosen subject line, message, and attachment name. The attachment will have a .com, .exe, or .zip file extension.
This threat is written in the Microsoft Visual C++ programming language and is compressed with FSG.
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.