New Yaha variant surfaces

Yaha.P has surfaced on the Internet. The worm has many of the same characteristics as previous versions, including its own SMTP engine and the ability to spoof e-mail addresses harvested from Outlook and from files on the hard drive.


A new variant of the Yaha worm surfaced late last week. It's too early to say whether it will gain as much traction as its brethren, but most experts don't expect much out of the worm.

Last Friday, e-mail scanning outsourcer MessageLabs intercepted a copy of Yaha.P. The Gloucester, England-based security service provider determined it can spread by mailing itself with its own SMTP engine or through network shares. It can gather potential target e-mail addresses from infected systems' Microsoft Outlook and from files on the hard drive.

The worm appears to spoof e-mail addresses so a message appears to come from someone else. It also tries to shut down antivirus protection on infected systems.

MessageLabs had stopped 63 copies of the worm as of 12 a.m. GMT Tuesday. The company has rated it as a low risk, as have antivirus software vendors McAfee and Trend Micro.

The attached worm is UPX compressed with a size of 45,568 bytes. Some of the file names include: FixElkern.com, FreakOut.exe, Notes.exe, Hacker_The_LoveStory.scr, Sexy_Jenna.scr, KOF_Sample.exe, MyProfile.scr, My_Sexy_Pic.scr, Peace.scr, Love.scr, Beautifull.scr, Body_Building.scr and Playboy.scr.

Unlike previous Yaha variants, Yaha.P was released packed with just one packing program. Others would be compressed with up to three different packing programs so they could possibly slip through antivirus protection, said Paul Wood, information security analyst with MessageLabs. Such a technique causes confusion with antivirus companies as their naming conventions don't have room for worms that are packed differently but come from the same code, he said.

The worm uses a variety of subject lines including:

  • Screensavers from Club Jenna
  • Patch for Elkern.gen
  • Freak Out
  • Things to note
  • The King of KOF
  • Wanna be friends ??
  • One Hackers Love
  • We want peace
  • Free Screenavers of Love
  • Are you a Soccer Fan ?
  • Are you beautiful
  • Are you in Love
  • Are you looking for Love
  • Are you the BEST
  • Check it out
  • Check ur friends Circle
  • Demo KOF 2002
  • Feel the fragrance of Love
  • Free Win32 API source
  • Free XXX
  • Learn SQL 4 Free
  • Let's Dance and forget pains
  • Looking for Friends
  • Sample KOF 2002
  • Sample Playboy
  • Say 'I Like You' To ur friend
  • Screensavers from Club Jenna
  • Sexy Screensavers 4 U
  • The Hotmail Hack
  • The King of KOF Wanna Brawl ??
  • The world of Friends
  • Things to note
  • True Love
  • U realy Want this
  • Visit us
  • WWE Screensavers
  • Wanna Hack ??
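A mail gateway can screen for the indicators reported above (attachment names, subject lines, the 45,568-byte size and UPX packing). The following is an added example, not code from the article or from MessageLabs; the function names, the subset of subject lines and the UPX marker strings are assumptions of this sketch, and the sample message is constructed from inert bytes.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators reported in the article: attachment names, a subset of the
# subject lines (extend with the rest of the list), and the worm's size.
ATTACHMENTS = {n.lower() for n in (
    "FixElkern.com", "FreakOut.exe", "Notes.exe", "Hacker_The_LoveStory.scr",
    "Sexy_Jenna.scr", "KOF_Sample.exe", "MyProfile.scr", "My_Sexy_Pic.scr",
    "Peace.scr", "Love.scr", "Beautifull.scr", "Body_Building.scr",
    "Playboy.scr")}
SUBJECTS = {s.lower() for s in (
    "Screensavers from Club Jenna", "Patch for Elkern.gen", "Freak Out",
    "Things to note", "The King of KOF", "Wanna be friends ??",
    "Are you in Love", "The Hotmail Hack", "Free Win32 API source")}
WORM_SIZE = 45568
# Assumption: strings a UPX-packed PE normally carries near its header.
UPX_MARKERS = (b"UPX0", b"UPX1", b"UPX!")

def screen_message(raw: bytes) -> list:
    """Return the list of Yaha.P indicators found in one raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if subject in SUBJECTS:
        hits.append("subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        body = part.get_payload(decode=True) or b""  # undo base64/QP encoding
        if name in ATTACHMENTS:
            hits.append("filename:" + name)
        if len(body) == WORM_SIZE:
            hits.append("size")
        if body[:2] == b"MZ" and any(m in body[:4096] for m in UPX_MARKERS):
            hits.append("upx")
    return hits

def build_sample(subject: str, filename: str, payload: bytes) -> bytes:
    """Construct a test message (inert bytes, not a real sample)."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", subject
    msg.set_content("see attachment")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    fake = b"MZ" + b"\x00" * 510 + b"UPX0" + b"\x00" * (WORM_SIZE - 516)
    print(screen_message(build_sample("Are you in Love", "Love.scr", fake)))
```

Subject and file-name matches are weak signals on their own, so a hit is best used to quarantine the message for the antivirus verdict rather than as a final decision.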


FOR MORE INFORMATION:

SearchSecurity.com news exclusive: "Experts downplay Yaha variant damage"

SearchSecurity.com news exclusive: "Expert: Yaha author politically motivated, probably still writing code"
