View full version: Worm.W32/Yaha.U@MM - Risk 3 - Update


Giorgius
18-09-2003, 12.21.21
Effects:
Similar to other YAHA worm variants, this mass-mailing worm propagates via email using its own Simple Mail Transfer Protocol (SMTP) engine. It obtains target email addresses from the following files:


*HoTMaiL*.*ht* files
.HTM and .HTML files from the INETPUB and WWWROOT folders
ICQ Databases
MSN Messenger and .NET Messenger data files
Windows Address Book (WAB)
Yahoo Messenger profiles
It also sends an email to randomly generated addresses. It further arrives as a file attachment with the following extensions:


ZIP
EXE
SCR
COM
This worm also spreads via shared network drives. It logs keystrokes and sends them to a predefined email address. It performs a Denial of Service (DoS) attack on the following sites by sending HyperText Transfer Protocol (HTTP) requests every few seconds:


klc.org.pk
ummah.org.uk
pak.gov.pk
lahore.gov.pk
jamaat.org
Additionally, it terminates antivirus processes and some Windows applications.

This malware runs on Windows 95, 98, ME, NT, 2000 and XP.


Info:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_YAHA.U
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100659


AntiVirus update as of 18.09.03 ;)(Y)
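
An added detection example, not part of the original post or of the vendor write-ups: it scans web-proxy log lines for internal clients sending closely spaced HTTP requests to the sites listed above, which is the DoS behaviour the description mentions. The log format, the thresholds, the sample lines and the function names are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime

# DoS target sites named in the description above.
TARGETS = {"klc.org.pk", "ummah.org.uk", "pak.gov.pk", "lahore.gov.pk", "jamaat.org"}
MAX_GAP_SECONDS = 10  # assumption: the page only says "every few seconds"
MIN_RUN = 4           # assumption: closely spaced requests needed to flag a client

# Constructed sample log; assumed format: timestamp client method host path
SAMPLE_LOG = """\
2003-09-18T12:00:01 10.0.0.23 GET pak.gov.pk /
2003-09-18T12:00:02 10.0.0.51 GET notjamaat.org /
2003-09-18T12:00:04 10.0.0.23 GET klc.org.pk /
2003-09-18T12:00:05 10.0.0.40 GET ummah.org.uk /index.html
2003-09-18T12:00:07 10.0.0.23 GET www.jamaat.org /
truncated line
2003-09-18T12:00:10 10.0.0.23 GET ummah.org.uk /
2003-09-18T12:00:13 10.0.0.23 GET lahore.gov.pk /
2003-09-18T12:30:00 10.0.0.40 GET ummah.org.uk /
"""

def target_of(host):
    """Return the listed site that host equals or is a subdomain of, else None."""
    host = host.lower().split(":")[0].rstrip(".")
    return next((s for s in TARGETS if host == s or host.endswith("." + s)), None)

def find_flooding_clients(log_text):
    """Return {client: longest run of closely spaced requests to listed sites}."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        try:
            stamp = datetime.fromisoformat(parts[0])
            client, host = parts[1], parts[3]
        except (ValueError, IndexError):
            continue  # skip malformed or truncated lines
        if target_of(host):
            seen[client].append(stamp)
    flagged = {}
    for client, stamps in seen.items():
        stamps.sort()
        longest = run = 1
        for prev, cur in zip(stamps, stamps[1:]):
            run = run + 1 if (cur - prev).total_seconds() <= MAX_GAP_SECONDS else 1
            longest = max(longest, run)
        if longest >= MIN_RUN:
            flagged[client] = longest
    return flagged
```

On the constructed sample, only 10.0.0.23 is flagged; the client that visits one listed site twice, half an hour apart, is not.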