Practical PC Opinion

Virus Warning:

Yarner: Not Every Anti-Virus Is the Real McCoy

Be careful out there – this one’s nasty

There’s a new, highly dangerous Internet worm "Yarner" that disguises itself as the anti-virus program YAW. At this time, there have been reports of mass-infection caused by this malicious program in Germany.

Yarner skilfully hides under the guise of an official message from a German Web site that handles anti-virus security problems.

Yarner spreads via e-mail in attached files. An infected e-mail has the following characteristics:

 The sender's address is chosen at random from the following:

* Trojaner-Info [the actual e-mail of the infected computer]

or

* Trojaner-Info [webmaster@trojaner-info.de]

Attachment: YAWSETUP.EXE

Subject: Trojaner-Info Newsletter [infected computer's current date]
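As an added example (not part of the original article, and not code from Kaspersky Lab), this Python function checks a raw message for the three e-mail traits listed above. The sender's address is not matched, because it may be the infected computer's own; the sample messages, the date string and the rule "attachment name plus one header trait" are assumptions of this example.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Traits from the article; compared case-insensitively.
DISPLAY_NAME = "trojaner-info"
SUBJECT_PREFIX = "trojaner-info newsletter"
ATTACHMENT = "yawsetup.exe"

def yarner_indicators(raw_message):
    """Return which of the three Yarner e-mail traits a raw message shows."""
    msg = message_from_string(raw_message)
    hits = []
    # Only the display name is checked: the address may be the infected
    # computer's own, so it is not a usable indicator.
    display, _address = parseaddr(msg.get("From", ""))
    if display.strip().lower() == DISPLAY_NAME:
        hits.append("sender-display-name")
    if msg.get("Subject", "").strip().lower().startswith(SUBJECT_PREFIX):
        hits.append("subject")
    for part in msg.walk():
        name = part.get_filename()
        if name and name.strip().lower() == ATTACHMENT:
            hits.append("attachment-name")
            break
    return hits

def is_suspect(raw_message):
    # Assumed rule for this example: the attachment name plus at least one
    # header trait. The header traits alone would also match a mail that
    # merely carries the same name and subject without the attachment.
    hits = yarner_indicators(raw_message)
    return "attachment-name" in hits and len(hits) >= 2

def build_sample(sender, subject, attachment=None):
    """Build a constructed test message (harmless placeholder bytes only)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.com", subject
    m.set_content("constructed body")
    if attachment:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

if __name__ == "__main__":
    mail = build_sample("Trojaner-Info <victim@example.org>",
                        "Trojaner-Info Newsletter 01.01.2002", "YAWSETUP.EXE")
    print(yarner_indicators(mail), is_suspect(mail))
```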

Should a user open the attached YAWSETUP.EXE file, and should an active anti-virus not be in use, the worm launches its infecting procedures on the target computer and begins spreading. Firstly, Yarner creates an additional file in the Windows directory with a random name (up to 100 characters) and registers the file in the Windows system registry auto-run key. In this way, the worm is activated upon each system restart.

To send itself via e-mail, Yarner collects e-mail addresses from the MS Outlook address book and from all .PHP, .HTM, .SHTM, .CGI and .PL files in the Windows directory. These addresses are copied to the files KERNEI32.DAA and KERNEI32.DAS. The worm then connects to a remote SMTP server and sends copies of itself through it.

Yarner also has exceptionally dangerous and destructive features. In one case in ten, after sending its e-mail copies, the worm destroys all data and information on the infected computer.

"Trojaner-Info, supposedly in whose name the infected messages are sent, is a popular German resource for solving anti-virus security problems. This service has no relationship whatsoever to this current epidemic. What is occurring now simply confirms once again that an e-mail address and a message text can be easily falsified, and with the use of this trick, a user has a malicious program thrust upon him or herself," commented Eugene Kaspersky, Head of Anti-Virus Research at Kaspersky Lab.

Yet again, then, folks, let us remind you never to open attachments from anyone unless you’re absolutely sure they’re safe – and make sure you’ve got an anti-virus program running.


David Dorn
 
