Heads Up**W32.Yaha.T@mm


Und3ertak3r
June 26th, 2003, 01:41 AM
Hi Guys,

Another of the Yaha family..

Check Symantec for all the info (http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha.t@mm.html) then check with your preferred AV company for info relevant to your setup

Edit:
W32.Yaha.T@mm:

Is a worm that is a variant of W32.Yaha.J@mm.
Terminates some antivirus and firewall processes.
Uses its own SMTP engine to email itself to all the contacts in the Windows Address Book, MSN Messenger, .NET Messenger, Yahoo Pager, and in all the files whose extensions contain the letters HT.

The email message has a randomly chosen subject line, message, and attachment name. The attachment will have a .com, .exe, or .scr file extension.

This threat is written in the Microsoft C++ language and is compressed with FSG.


Also Known As: I-Worm.Lentis.gen [KAV], W32/Yaha.t@MM [McAfee], W32/Yaha-T [Sophos]
Type: Worm
Infection Length: 51,424 bytes
Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
Systems Not Affected: Macintosh, OS/2, UNIX, Linux


There you go.. now that will help you research this little pest..

Cheers
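
An added example, not part of the original post or of any vendor's tooling: a mail-gateway style check for the attachment extensions named in the description above (.com, .exe, .scr). The function names, the `BLOCKED_EXTS` constant and the example.com sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Attachment extensions named in the description quoted in the post above.
BLOCKED_EXTS = (".com", ".exe", ".scr")


def risky_attachments(raw_bytes):
    """Return the filenames of MIME parts that end in a blocked extension."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # get_filename() reads the Content-Disposition filename and falls
        # back to the Content-Type "name" parameter when that is absent.
        name = part.get_filename()
        if not name:
            continue
        # Only the final extension matters ("photo.jpg.scr" still runs as
        # .scr); Windows also ignores trailing dots and spaces in a name.
        cleaned = name.strip().rstrip(". ").lower()
        if cleaned.endswith(BLOCKED_EXTS):
            hits.append(name)
    return hits


def build_sample(filename, payload=b"constructed placeholder bytes"):
    """Build a constructed test message carrying one attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("body text")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for fname in ("photo.jpg.scr", "SETUP.EXE", "notes.txt"):
        print(fname, "->", risky_attachments(build_sample(fname)))
```

Because the subject, body and attachment name are chosen at random, the extension is the only stable part of the message to filter on; signature updates from your AV vendor are still needed for detection of the file itself.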

Und3ertak3r
July 9th, 2003, 03:07 AM
Yeh what do I say..

Version V is now out and available for download..

Check for some info here http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha.v@mm.html

Cheers

adoy
July 9th, 2003, 11:45 AM
und3tak3r (can I call you undies?) just kidding

I tried to give an antipoint but was told by 'the powers that be' to spread them around....guess you're getting too many....I just posted the V and then came here to find out that you posted yourself....I love it

catch ya at work tomorrow

late

Und3ertak3r
November 6th, 2003, 11:24 AM
Yeh I pulled this out of the Bin... Saved starting a new thread..

New Version Of yaha Info from Sophos..

http://www.sophos.com/virusinfo/analyses/w32yahax.html

Where are we.. Yaha.X

Cheers.

steve.milner
November 6th, 2003, 11:42 AM
Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=#post) by Und3ertak3r
Yeh I pulled this out of the Bin... Saved starting a new thread..

New Version Of yaha Info from Sophos..

http://www.sophos.com/virusinfo/analyses/w32yahax.html

Where are we.. Yaha.X

Cheers.

That's good. Only 2 more to go and then they'll have to stop writing variants!

Or am I missing the point?

Steve

MrLinus
November 6th, 2003, 12:20 PM
I think the question is: why are the variants so successful? I mean, we're getting to the end of the alphabet (they'll probably start some new variant naming scheme for this if it goes beyond Z) but geez. If yaha.(insert letter here) is that effective, why? Lack of AV usage/updating?

Tiger Shark
November 6th, 2003, 02:03 PM
Adoy: can I call you undies?

I think we can make that nice little nick stick can't we chaps..... :D

Steve: Or am I missing the point?

Quite possibly...... ;)

Ms. M: Why?

From my point of view I have seen relatively few infected files from the Yaha family being stopped at the mailserver. I think that this, coupled with the fact that it doesn't make a huge "splash" on the internet like MSBlast, has kept it below the media's radar and, as a result, it has kind of "stealthed" its way along without being noticed, taking advantage of the "usual suspects".

Und3ertak3r
November 6th, 2003, 02:15 PM
Haven't seen Yaha in the workshop for 3 or so months.. Had most problems early in the year.. The info from Sophos was only one reported case.. now that could mean the only one .. or it could be the first of many.. who knows..

And as for a new nick.. you won't want me dirty would you..lol


Cheers..


BTW.. Sobig.G .. to mention a successful strain of Virii/worm something tells me we need to be prepared now.. it may be soon.. or I am paranoid..