January 2, 2003 — (WEB HOST INDUSTRY REVIEW) — A new variant of the W32.Yaha.K@mm Internet worm has infected thousands of computers throughout the holiday season.

The worm arrives in the form of a .exe or .scr e-mail attachment with a variety of subjects and messages.

The worm stops anti-virus and firewall processes on personal computers. It uses its own SMTP engine to e-mail itself to all the contacts in the Windows Address Book, MSN Messenger, .NET Messenger, Yahoo Pager, and to addresses found in all the files whose extensions contain the letters HT. The e-mail message has a randomly chosen subject line, message, and attachment name. This threat is written in the Microsoft C++ language.

It would also appear that, either directly or indirectly, the virus’ author has exploited a flaw in the industry naming scheme used for identifying viruses. Users and Web hosts are advised to use caution, since the worm identifies itself using several aliases.











