Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Yipper


Aliases:


Yipper
Yitai

Malware

W32

Summary

Yipper is a family of e-mail stealing trojans written in Visual Basic. All 3 currently known variants appeared on 6th of May, 2003. These trojans do not install themselves to system, they only collect e-mail addresses and send them to 2 pre-defined e-mail addresses in Israel.



Disinfection & Removal

Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.



Technical Details


Variant:Yipper.A

This trojan variant sends stolen e-mails to <yitai342@012.net.il> e-mail address. The message is sent with 'Hi' text in a subject line. The message body contains entries from infected user's Outlook Address Book.


Variant:Yipper.B

This trojan variant was sent to several people in e-mail messages as FindMyMatch.exe attachment. The trojan sends stolen e-mails to <yipai342@netvision.net.il> e-mail address. The message is sent with 'NewWorld' in a subject. The body contains encrypted entries from infected user's Outlook Address Book.

The B variant keeps its copy in memory while A and C variants exit after they send out e-mail lists.


Variant:Yipper.C

This trojan variant is very close to Yipper.A variant. It sends stolen e-mails to <yitai342@012.net.il> e-mail address. The message is sent with 'Hi' in a subject line. The body contains entries from infected user's Outlook Address Book.





Description Created: Alexey Podrezov; F-Secure Corp.; May 6th, 2003



Submit a sample




Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)

Give And Get Advice




Give advice. Get advice. Share the knowledge on our free discussion forum.