Yaha.P
Results 1 to 3 of 3

Thread: Yaha.P

  1. #1
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,743

    Post Yaha.P

    This Info Found Here...

    Also it seems tha Lovgate has a new version..


    The W32.Yaha.P@mm worm is a variant of W32.Yaha.L@mm. This variant of the worm terminates some antivirus and firewall processes.

    W32.Yaha.P@mm uses its own SMTP engine to email itself to all the contacts in the Windows Address Book, MSN Messenger, .NET Messenger, Yahoo Pager, and all the files whose extensions contain the letters HT. The email message has a randomly chosen subject line, message, and attachment. The attachment will have either a .exe or .scr file extension.

    This threat is written in the Microsoft C++ language and is compressed with UPX. The uncompressed size is about 45 KB.



    Also Known As: W32/Yaha.p@MM [McAfee], WORM_YAHA.P [Trend], I-Worm.Lentin.m [KAV]
    Type: Worm
    Infection Length: 45,568 bytes
    Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
    Systems Not Affected: Windows 3.x, Macintosh, OS/2, UNIX, Linux
    CVE References: CVE-2001-0154
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  2. #2
    Senior Member
    Join Date
    Feb 2002
    Posts
    253
    Here is what the folks at Trend Micro have to say about Yaha.P:

    MoreInfo

  3. #3
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,743

    Now a Version R....

    Yes here is the latest.. From Sophos

    cheers
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •