Malware type: Worm

Aliases: Email-Worm.Win32.Lentin.s (Kaspersky), W32/Yaha.aa@MM (McAfee), W32.Yaha.AE@mm (Symantec), Worm/Lentin.S (Avira), W32/Yaha-X (Sophos),

In the wild: No

Destructive: Yes

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP

Encrypted: No

Description: 

This variant of the YAHA worm attempts to propagate via email and shared network drives.

It terminates running antivirus-related processes and tries to launch Denial of Service (DoS) attacks against some specified Web sites.

This worm also prevents users from running certain system applications, including Registry Editor and the Task Manager.

To propagate via email, this worm uses its own Simple Mail Transfer Protocol (SMTP) engine to send copies of itself to addresses obtained from different sources. Refer to the Technical Details section for the format of the email messages that it sends out.

This worm also logs keystrokes and sends them to a certain email address. It runs on Windows 95, 98, ME, NT, 2000 and XP.

For additional information about this threat, see:
Solution
Technical Details

Description created: Oct. 27, 2003 3:50:27 PM GMT -0800
Description updated: Oct. 27, 2003 8:06:56 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.