Yipper is a family of e-mail stealing trojans written in Visual
Basic. All 3 currently known variants appeared on 6th of May,
2003. These trojans do not install themselves to system, they
only collect e-mail addresses and send them to 2 pre-defined
e-mail addresses in Israel.
This trojan variant sends stolen e-mails to <yitai342@012.net.il>
e-mail address. The message is sent with 'Hi' text in a subject
line. The message body contains entries from infected user's
Outlook Address Book.
This trojan variant was sent to several people in e-mail messages
as FindMyMatch.exe attachment. The trojan sends stolen e-mails to
<yipai342@netvision.net.il> e-mail address. The message is sent
with 'NewWorld' in a subject. The body contains encrypted entries
from infected user's Outlook Address Book.
The B variant keeps its copy in memory while A and C variants
exit after they send out e-mail lists.
This trojan variant is very close to Yipper.A variant. It sends
stolen e-mails to <yitai342@012.net.il> e-mail address. The
message is sent with 'Hi' in a subject line. The body contains
entries from infected user's Outlook Address Book.
[Writeup: Alexey Podrezov; F-Secure Corp.; May 6th, 2003]
