Bug Alert
Bug Alert will appear in TCT to inform readers of malware currently circling the globe, how to detect if your computer is infected, and remedies should your computer be infected with the malware.
Malware Name: W32/Yaha.k
Description:
McAfee Security and Symantec rate the risk of this virus at
medium and Category 3, respectively. This worm attempts to send itself
to email addresses found in various application files on the infected
system. It can spoof the "From" field of the email it
sends so that it shows a fake email address. In some cases it will be a
security software vendor's email address. According to McAfee's Help
Center, one of many incarnations of the worm "masquerades as a virus
warning and asks the user to download a protection tool, which
is, in fact, the virus itself." However, the email it sends
can take many forms, with any one of more than 70 different subject
lines. The text in the body of the message solicits the victim
to open an attached executable file.
An example message follows:
FROM: av_patch@mcafee.com
SUBJECT LINE:
Patch for Klez.H
Klez.H is the most common world-wide spreading worm. It's very
dangerous by corrupting your files.
Because of its very smart stealth and anti-anti-virus technic,
most common AB software can't detect or clean it.
We developed this free immunity tool to defeat the malicious virus.
You only need to run this tool once and then Klez will never come
into your PC.
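The two traits described above, a "From" address claiming to be a security vendor and an attached executable file, can be checked mechanically at a mail gateway. The sketch below is an added example, not part of the original alert or of any vendor's tool; the vendor domain list, the extension list, the function names and the sample message (including the attachment name) are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed lists for illustration; extend them for your own gateway.
VENDOR_DOMAINS = ("mcafee.com", "symantec.com")
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat")

def sender_domain(msg):
    """Domain claimed in the From header, lower-cased ('' if unparseable)."""
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def executable_attachments(msg):
    """Attachment names whose final extension is executable.
    Checking the end of the name also catches double extensions."""
    found = []
    for part in msg.iter_attachments():
        # Trailing dots and spaces are dropped by Windows, so ignore them.
        name = (part.get_filename() or "").lower().rstrip(". ")
        if name.endswith(EXECUTABLE_EXTS):
            found.append(name)
    return found

def assess(raw_bytes):
    """Flag mail carrying an executable; note when it also claims a vendor sender."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    domain = sender_domain(msg)
    exes = executable_attachments(msg)
    claims_vendor = any(domain == d or domain.endswith("." + d)
                        for d in VENDOR_DOMAINS)
    return {"from_domain": domain, "executables": exes,
            "quarantine": bool(exes),
            "vendor_lure": claims_vendor and bool(exes)}

def build_message(sender, attachment_name):
    """Constructed test message; the attachment is inert placeholder bytes."""
    m = EmailMessage()
    m["From"], m["To"] = sender, "user@example.org"
    m["Subject"] = "Patch for Klez.H"
    m.set_content("You only need to run this tool once.")
    m.add_attachment(b"inert placeholder", maintype="application",
                     subtype="octet-stream", filename=attachment_name)
    return m.as_bytes()

if __name__ == "__main__":
    # The attachment name is a constructed placeholder, not taken from the alert.
    print(assess(build_message("av_patch@mcafee.com", "klez_patch.exe")))
```

Because the "From" field is forged, the vendor match is used only to label the lure; the quarantine decision rests on the executable attachment alone.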
Damage it can cause:
W32/Yaha.K attempts to disable anti-virus and security software.
It mass-mails itself using addresses it finds in your Microsoft
Outlook Address Book, MSN Messenger, .NET Messenger, Yahoo Pager,
and all files with extension HT. According to Symantec, it also
"attempts to perform a Denial of Service against a Pakistani Web site."
W32/Yaha.k Removal:
Both Symantec and McAfee have released new tools to assist in
the removal of the worm. You can download the removal tool from
their respective web sites. There are also additional notes on
both sites pertinent to the various operating systems the worm
can infiltrate.
Resources:
http://www.symantec.com
http://www.mcafee.com