W32.Yawmo


Aliases: W32/Agent.AMP, 2008 W32/Agent.ARFE, 2008 W32/Antinny.worm.q, Worm/Generic.MR
Variants: Backdoor.Agent.FP, Backdoor.Win32.Agent.xs

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 06 Jul 2006
Damage: Low

Characteristics: The W32/Yawmo program is a worm that spreads via the Share and Winny file-sharing networks and can transmit sensitive information through these programs. The worm affects Windows operating systems such as Windows 2000, Windows 98, Windows 95, Windows Me, Windows Server 2003, Windows NT, and Windows XP.

More details about W32.Yawmo

W32/Yawmo is a worm that spreads via the Share and Winny file-sharing networks and can transmit sensitive information through these programs. When W32/Yawmo is executed on your system, it drops a copy of W32.HLLW.Antinny and W32.Mydoom.B@mm, which is used to download a copy of W32.Yawmo. It also drops an explorer.exe file (a copy of Backdoor.Nodelm) in either C:\Recycled or C:\Recycler. After this, it adds values to the registry sub key so that the dropped file will run when Windows starts. It will then search for the “Winny” and “Share upload” folders and download a file to these upload folders.
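The drop location described above gives defenders a simple check: a file named explorer.exe has no legitimate reason to live under C:\Recycled or C:\Recycler. The following is an added example, not part of the original write-up; the `time|type|data` event format and the `autorun_set` event type are hypothetical stand-ins (the page does not name the registry key), and the sample events are constructed.

```python
import re
from pathlib import PureWindowsPath

# Drop locations and file name taken from the description above.
DROP_DIRS = ("C:\\Recycled", "C:\\Recycler")
DROPPED_NAME = "explorer.exe"

# Constructed sample events in a hypothetical "time|type|data" format.
SAMPLE_EVENTS = """\
2006-07-06T10:00:01|file_create|C:\\WINDOWS\\explorer.exe
2006-07-06T10:00:02|file_create|C:\\RECYCLER\\explorer.exe
2006-07-06T10:00:03|file_create|c:/recycled/Explorer.EXE
2006-07-06T10:00:04|autorun_set|"C:\\Recycled\\explorer.exe" /s
2006-07-06T10:00:05|file_create|C:\\Recycler\\S-1-5-21-1\\Dc1.txt
2006-07-06T10:00:06|file_create|D:\\Recycled.bak\\explorer.exe
"""

# Extracts a drive-rooted .exe path from bare or quoted command data.
PATH_RE = re.compile(r'[A-Za-z]:[\\/][^"|<>*?]*?\.exe', re.IGNORECASE)


def is_suspicious_path(raw):
    """True if raw names explorer.exe anywhere under a listed drop directory."""
    path = PureWindowsPath(raw)  # handles / vs \ and compares case-insensitively
    if path.name.lower() != DROPPED_NAME:
        return False
    return any(PureWindowsPath(d) in path.parents for d in DROP_DIRS)


def scan(events_text):
    """Return (time, type, path) for every event that references the drop."""
    hits = []
    for line in events_text.splitlines():
        parts = line.split("|", 2)
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, kind, data = parts
        for match in PATH_RE.finditer(data):
            if is_suspicious_path(match.group(0)):
                hits.append((ts, kind, match.group(0)))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```
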

The W32.Yawmo application can receive instructions from a remote server. It can be made to manipulate the files in the system without the user’s consent. Computer activities can also be recorded. Keystrokes and mouse clicks can also be monitored and compiled. These may be sent to a remote user. This can cause the user’s confidential information to be compromised. The infected computer can be used to launch targeted attacks against remote servers. This can involve sending large amounts of repeated and malformed data. This can cause the target computer to crash in a Denial of Service (DoS) attack.