W32.Yalat.Worm


Aliases: I-Worm.Haelp, W32/Yalat.worm, Win32.HLLM.Later.28672, W32/Yalat-A, Win32/Yalat.A@mm
Variants: WORM_YALAT.A, Worm/Yalat, W32/Yalat.A, Win32.Yalat.A@mm

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 10 Feb 2003
Damage: Medium

Characteristics: The W32/Yalat.Worm program is a worm that spreads by using MAPI and by copying itself to shared folders. It also attempts to stop the processes of antivirus programs. Because of bugs in its code, the worm doesn’t work as intended. This worm affects Windows operating systems such as Windows 95, Windows 2000, Windows 98, Windows NT, Windows Me, and Windows XP.

More details about W32.Yalat.Worm

Once W32.Yalat.Worm runs, it copies itself to the Windows directory as WinHaelp.exe and adds a value to the registry key; it attempts to stop processes that contain the strings zone, sym, prot, and afee. It will then attempt to spread its copies to shared folders by utilizing MAPI. The worm gathers e-mail addresses from .html, .htm, .tmp and .bak files and sends them an e-mail message with the subject “Failure notice!” and an attachment named “Your Original Mail.eml.exe”. However, due to the bugs in its code, the intended action may fail.
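The mail indicators described above can be checked at a mail gateway or over an archive of stored messages. The following is an added example, not part of the original entry: the function names, the extension list and the sample messages are constructed for illustration, and the double-extension check generalises beyond the single file name given here.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Indicators taken from the description above.
YALAT_SUBJECT = "failure notice!"
YALAT_ATTACHMENT = "your original mail.eml.exe"
# Assumption: extensions this example treats as executable.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat"}


def build_sample(subject, filename=None):
    """Construct a sample message (test data, not a captured mail)."""
    msg = EmailMessage()
    msg["From"] = "postmaster@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content("Delivery failed.")
    if filename:
        msg.add_attachment(b"MZ", maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_string()


def yalat_findings(raw_message):
    """Return the reasons a raw message matches the indicators."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    subject = (msg["Subject"] or "").strip().lower()
    if subject == YALAT_SUBJECT:
        findings.append("subject")
    for part in msg.iter_attachments():
        # get_filename() decodes RFC 2231 / RFC 2047 encoded names.
        name = (part.get_filename() or "").strip().lower()
        if name == YALAT_ATTACHMENT:
            findings.append("attachment-name")
        # Generalisation: an executable extension hidden behind a
        # document-like one, such as "x.eml.exe".
        pieces = name.rsplit(".", 2)
        if len(pieces) == 3 and "." + pieces[2] in EXECUTABLE_EXTS:
            findings.append("double-extension")
    return findings
```

A subject match on its own is weak evidence, since legitimate bounce messages use similar subjects; the attachment findings are the ones worth acting on.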

Reports indicate that the W32.Yalat.Worm software is capable of modifying certain programs on the computer. It also terminates the running processes of programs on the compromised computer, including the processes of security and anti-malware programs. The system becomes more vulnerable to other threats when it is not protected. This program is also capable of downloading threats from a remote server and possibly adds them to the user’s machine. The presence of these threats may reduce the system’s speed. Some of these programs are capable of obtaining the user’s vital information, including PII (Personally Identifiable Information). Third parties can use this data to perform illicit activities.