Lumension® Endpoint Intelligence Center


Overview

Threat Risk MEDIUM
Destructivity HIGH
Payload Deletes files
Detection files published 18 Feb 2002 03:00:00
Description created 18 Feb 2002 03:00:00
Description updated 21 Feb 2002 12:34:00
Malware type WORM
Alias
Spreading mechanism EMAIL
Summary None

W32/Yarner.A@mm

Spreading

When run, the worm attempts to copy itself to the Windows directory, using a file name that consists of a random combination of letters. It will also take the place of Notepad.exe and rename the original Notepad to Notedpad.exe. It will then search the Windows Address Book and files with the extension *.PHP, *.PL, *.HTM, *.SHTM and *.CGI for email addresses to send itself to. The worm also creates a registry key under: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce so that it is run from startup.

Payload Details

On some occasions, the worm will delete all accessible files on the local drive.

Analysis

n/a

Removal

n/a


Last Updated: 12 Nov 2015 11:06:11