The W32.Yaha.P@mm worm is a variant of W32.Yaha.L@mm. This variant of the worm terminates some antivirus and firewall processes.
W32.Yaha.P@mm uses its own SMTP engine to email itself to all the contacts in the Windows Address Book, MSN Messenger, .NET Messenger, Yahoo Pager, and all the files whose extensions contain the letters HT. The email message has a randomly chosen subject line, message, and attachment. The attachment will have either a .exe or .scr file extension.
This threat is written in the Microsoft C++ language and is compressed with UPX. The uncompressed size is about 45 KB.
Also Known As: W32/Yaha.p@MM [McAfee], WORM_YAHA.P [Trend], I-Worm.Lentin.m [KAV]
Infection Length: 45,568 bytes
Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
Systems Not Affected: Windows 3.x, Macintosh, OS/2, UNIX, Linux
CVE References: CVE-2001-0154