-
June 26th, 2003, 12:41 AM
#1
Heads Up**W32.Yaha.T@mm
Hi Guys,
Another of the Yaha family..
Check Symantec for all the info, then check with your preferred AV company for info relevant to your setup.
Edit:
W32.Yaha.T@mm:
Is a worm that is a variant of W32.Yaha.J@mm.
Terminates some antivirus and firewall processes.
Uses its own SMTP engine to email itself to all the contacts in the Windows Address Book, MSN Messenger, .NET Messenger, Yahoo Pager, and in all the files whose extensions contain the letters HT.
The email message has a randomly chosen subject line, message, and attachment name. The attachment will have a .com, .exe, or .scr file extension.
This threat is written in the Microsoft C++ language and is compressed with FSG.
Also Known As: I-Worm.Lentis.gen [KAV], W32/Yaha.t@MM [McAfee], W32/Yaha-T [Sophos]
Type: Worm
Infection Length: 51,424 bytes
Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
Systems Not Affected: Macintosh, OS/2, UNIX, Linux
There you go.. now that will help you research this little pest..
Cheers
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
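A mail-gateway style check built from the traits in the advisory text quoted in post #1 (attachment extensions .com, .exe or .scr, and the 51,424-byte infection length). This is an added example, not part of the thread or of any vendor's tool; the function names and the sample message are constructed, and the size match assumes the attachment is the unmodified worm file.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Traits taken from the advisory text in post #1.
RISKY_EXTS = {".com", ".exe", ".scr"}
INFECTION_LENGTH = 51424  # bytes

def scan_message(raw):
    """Return one finding per attachment whose final extension is risky."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Judge the last extension only, so "photo.jpg.scr" is seen as .scr;
        # trailing dots/spaces are dropped because Windows ignores them.
        ext = os.path.splitext(name.lower().rstrip(". "))[1]
        if ext not in RISKY_EXTS:
            continue
        body = part.get_payload(decode=True) or b""
        findings.append({
            "filename": name,
            "extension": ext,
            "size": len(body),
            # Assumption: the attachment is the unmodified worm file.
            "size_matches": len(body) == INFECTION_LENGTH,
        })
    return findings

def build_sample():
    """Constructed test message: zero-filled payloads, no real malware."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(b"\x00" * INFECTION_LENGTH, maintype="application",
                       subtype="octet-stream", filename="photo.jpg.scr")
    msg.add_attachment(b"plain notes", maintype="application",
                       subtype="octet-stream", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```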
-
July 9th, 2003, 02:07 AM
#2
Yeh what do I say..
Version V is now out and available for download..
Check for some info here http://securityresponse.symantec.com...yaha.v@mm.html
Cheers
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
July 9th, 2003, 10:45 AM
#3
Junior Member
und3tak3r (can I call you undies?) just kidding
I tried to give an antipoint but was told by 'the powers that be' to spread them around....guess you're getting too many....I just posted the V and then came here to find out that you posted yourself....I love it
catch ya at work tomorrow
late
yours in cyberspace and beyond
-
November 6th, 2003, 11:24 AM
#4
Yeh I pulled this out of the Bin... Saved starting a new thread..
New Version Of yaha Info from Sophos..
http://www.sophos.com/virusinfo/analyses/w32yahax.html
Where are we.. Yaha.X
Cheers.
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
November 6th, 2003, 11:42 AM
#5
That's good. Only 2 more to go and then they'll have to stop writing variants!
Or am I missing the point?
Steve
IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
-
November 6th, 2003, 12:20 PM
#6
I think the question is: why are the variants so successful? I mean, we're getting to the end of the alphabet (they'll probably start some new variant naming scheme for this if it goes beyond Z) but geez. If yaha.(insert letter here) is that effective, why? Lack of AV usage/updating?
-
November 6th, 2003, 02:03 PM
#7
Adoy: I think we can make that nice little nick stick can't we chaps.....
Steve:
Or am I missing the point?
Quite possibly......
Ms. M: From my point of view I have seen relatively few infected files from the Yaha family being stopped at the mailserver. I think that this, coupled with the fact that it doesn't make a huge "splash" on the internet like MSBlast, has kept it below the media's radar and, as a result, it has kind of "stealthed" its way along without being noticed, taking advantage of the "usual suspects".
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
November 6th, 2003, 02:15 PM
#8
Haven't seen Yaha in the workshop for 3 or so months.. Had most problems early in the year.. The info from Sophos was only one reported case.. now that could mean the only one .. or it could be the first of many.. who knows..
And as for a new nick.. you won't want me dirty would you..lol
Cheers..
BTW.. Sobig.G .. to mention a successful strain of Virii/worm, something tells me we need to be prepared now.. it may be soon.. or I am paranoid..
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr