Malicious 'newsletter' virus hits users
Source: Vnunet
Antivirus (AV) firms are warning of a "highly dangerous" virus that disguises itself as a newsletter from a popular German AV site. There have been reports of mass infections in Germany caused by the malicious code.
The 'Yarner' virus disguises itself as the AV program YAW, arriving as an attachment to an official looking message purporting to be from AV website Trojaner-info.de. The email contains the subject line: 'Trojaner-Info Newsletter [infected computer's current date]'.
If the attached Yawsetup.exe file is opened, the worm creates a file in the Windows directory with a random name up to 100 characters long and registers the file in the registry as an auto run key. This means that the worm is run every time Windows boots up.
Yarner spreads as a mass mailing virus, accessing the Microsoft Outlook address book to retrieve addresses as well as scanning all .php, .htm, .shtm, .cgi and .pl files for addresses.