
Thread: Heads Up**W32.Yaha.T@mm

  1. #1
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744

    Heads Up**W32.Yaha.T@mm

    Hi Guys,

    Another of the Yaha family..

    Check Symantec for all the info, then check with your preferred AV company for info relevant to your setup

    Edit:
    W32.Yaha.T@mm:

    Is a worm that is a variant of W32.Yaha.J@mm.
    Terminates some antivirus and firewall processes.
    Uses its own SMTP engine to email itself to all the contacts in the Windows Address Book, MSN Messenger, .NET Messenger, Yahoo Pager, and in all the files whose extensions contain the letters HT.

    The email message has a randomly chosen subject line, message, and attachment name. The attachment will have a .com, .exe, or .scr file extension.

    This threat is written in the Microsoft C++ language and is compressed with FSG.


    Also Known As: I-Worm.Lentis.gen [KAV], W32/Yaha.t@MM [McAfee], W32/Yaha-T [Sophos]
    Type: Worm
    Infection Length: 51,424 bytes
    Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
    Systems Not Affected: Macintosh, OS/2, UNIX, Linux

    There you go.. now that will help you research this little pest..

    Cheers

    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
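
The advisory quoted in post #1 says the attachment carries a .com, .exe, or .scr extension and gives an infection length of 51,424 bytes. As an added example (not part of the original thread or of any vendor's tooling), this is one way a mail gateway check could flag such attachments; the function names and the sample messages are constructed for illustration, and treating the reported length as the attachment size is an assumption.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Taken from the advisory quoted in the post.
RISKY_EXTENSIONS = (".com", ".exe", ".scr")
REPORTED_SIZE = 51424  # "Infection Length" in bytes


def check_message(raw: bytes) -> list:
    """Return one finding per attachment whose name ends in a listed extension."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        # Windows ignores trailing dots and spaces, so strip them before matching.
        name = name.rstrip(". ")
        if not name.endswith(RISKY_EXTENSIONS):
            continue
        payload = part.get_payload(decode=True) or b""
        findings.append({
            "filename": name,
            "size": len(payload),
            # Assumption: an unmodified copy has exactly the reported length.
            "size_matches_report": len(payload) == REPORTED_SIZE,
        })
    return findings


def build_sample(filename: str, size: int) -> bytes:
    """Constructed test message with an inert, zero-filled attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("constructed body")
    msg.add_attachment(b"\x00" * size, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    samples = [("Photo.SCR", 51424), ("notes.txt", 120), ("setup.exe.", 300)]
    for fname, size in samples:
        print(fname, check_message(build_sample(fname, size)))
```

The extension match is the primary signal; the size comparison only adds confidence, since the subject, message, and attachment name are randomly chosen.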

  2. #2
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    Yeh what do I say..

    Version V is now out and available for download..

    Check for some info here http://securityresponse.symantec.com...yaha.v@mm.html

    Cheers

  3. #3
    Junior Member
    Join Date
    Jun 2003
    Posts
    6
    und3tak3r (can I call you undies?) just kidding

    I tried to give an antipoint but was told by 'the powers that be' to spread them around....guess you're getting too many....I just posted the V and then came here to find out that you posted yourself....I love it

    catch ya at work tomorrow

    late
    yours in cyberspace and beyond

  4. #4
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    Yeh I pulled this out of the Bin... Saved starting a new thread..

    New Version Of yaha Info from Sophos..

    http://www.sophos.com/virusinfo/analyses/w32yahax.html

    Where are we.. Yaha.X

    Cheers.

  5. #5
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,021
    Originally posted here by Und3ertak3r
    Yeh I pulled this out of the Bin... Saved starting a new thread..

    New Version Of yaha Info from Sophos..

    http://www.sophos.com/virusinfo/analyses/w32yahax.html

    Where are we.. Yaha.X

    Cheers.
    That's good. Only 2 more to go and then they'll have to stop writing variants!

    Or am I missing the point?

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  6. #6
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    I think the question is: why are the variants so successful? I mean, we're getting to the end of the alphabet (they'll probably start some new variant naming scheme for this if it goes beyond Z) but geez. If yaha.(insert letter here) is that effective, why? Lack of AV usage/updating?
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  7. #7
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Adoy:
    can I call you undies?
    I think we can make that nice little nick stick can't we chaps.....

    Steve:
    Or am I missing the point?
    Quite possibly......

    Ms. M:
    Why?
    From my point of view I have seen relatively few infected files from the Yaha family being stopped at the mailserver. I think that this, coupled with the fact that it doesn't make a huge "splash" on the internet like MSBlast has kept it below the media's radar and, as a result, it has kind of "stealthed" its way along without being noticed taking advantage of the "usual suspects".
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  8. #8
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    Haven't seen Yaha in the workshop for 3 or so months.. Had most problems early in the year.. The info from Sophos was only one reported case.. now that could mean the only one .. or it could be the first of many.. who knows..

    And as for a new nick.. you won't want me dirty would you..lol


    Cheers..


    BTW.. Sobig.G .. to mention a successful strain of Virii/worm something tells me we need to be prepared now.. it may be soon.. or I am paranoid..
