W32.Yaha@mm


Aliases: Email-Worm.Win32.Lentin.m, I-Worm.Lentin.m, W32/Yaha.p@MM, W32.Yaha.P@mm, Win32.HLLM.Yaha.4
Variants: W32/Yaha-P, Win32/Yaha.P@mm, WORM_YAHA.P, Worm/Yaha.P, W32/Lentin.N@mm

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 15 Feb 2002
Damage: Low

Characteristics: The W32/Yaha@mm program is a mass mailer that spreads by sending a copy of itself to every e-mail address it finds in the Windows address book and in all files with the .ht* extension. It copies itself to the files C:\Recycled\Msmdm.exe and C:\Recycled\Msscra.exe.

More details about W32.Yaha@mm

This mass-mailing worm presents itself as a Valentine's Day screen saver. It arrives as a formatted message designed to fool the recipient into believing it was forwarded by someone subscribed to a screen saver mailing list. The SMTP mail server, 'Display name' and 'From address' are read from a Registry key, and the display name is used to sign the message body. If no default SMTP server is listed in this key, the worm attempts to connect to a server on its own. Once executed, the worm infects the local machine by copying itself to C:\RECYCLED\MSMDM.EXE and C:\RECYCLED\MSSCRA.EXE and sets the hidden attribute on both copies. It also modifies a Registry key so that it runs whenever any .EXE file is subsequently opened. Target e-mail addresses are additionally extracted from the user's temporary Internet files, and the worm sends a copy of itself to each address found.

The W32/Yaha@mm program may enter a computer when the user visits insecure websites. It takes advantage of program errors and system vulnerabilities. It also spreads across shared networks: an infected system connected to other computers can easily pass the malware on. It may also spread through P2P (peer-to-peer) programs, where some shared files are threats disguised as legitimate programs.
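An added endpoint triage check (not part of the original entry) for the two dropped copies and the .EXE association change described above. The registry path for the .EXE file association is assumed from the standard Windows layout; the entry above does not name the key it modifies.

```powershell
# Added example: look for the dropped copies and for a hijacked .EXE association.
# File paths come from the description above; the registry key is an assumption
# (standard location of the .EXE "open" command on Windows).
$dropped = @('C:\Recycled\Msmdm.exe', 'C:\Recycled\Msscra.exe')
foreach ($path in $dropped) {
    if (Test-Path -LiteralPath $path) {
        # -Force is required to read a hidden file's attributes
        $item = Get-Item -LiteralPath $path -Force
        Write-Output ("FOUND    {0}  attributes={1}" -f $path, $item.Attributes)
    } else {
        Write-Output ("absent   {0}" -f $path)
    }
}

# A clean system launches executables with "%1" %*; any other value means
# something has inserted itself in front of every .EXE launch.
$key = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
$cmd = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'
if ($null -eq $cmd) {
    Write-Output "exefile open command: key not readable"
} elseif ($cmd.Trim() -ne '"%1" %*') {
    Write-Output ("SUSPICIOUS exefile open command: {0}" -f $cmd)
} else {
    Write-Output "exefile open command looks normal"
}
```

If the association has been changed, restore it to `"%1" %*` before deleting the dropped files; otherwise .EXE files will no longer launch once the referenced copy is gone.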