Summary

Yipper is a family of e-mail stealing trojans written in Visual Basic. All 3 currently known variants appeared on 6th of May, 2003. These trojans do not install themselves to system, they only collect e-mail addresses and send them to 2 pre-defined e-mail addresses in Israel.

Additional Details

VARIANT:

Yipper.A

This trojan variant sends stolen e-mails to <yitai342@012.net.il> e-mail address. The message is sent with 'Hi' text in a subject line. The message body contains entries from infected user's Outlook Address Book.

VARIANT:

Yipper.B

This trojan variant was sent to several people in e-mail messages as FindMyMatch.exe attachment. The trojan sends stolen e-mails to <yipai342@netvision.net.il> e-mail address. The message is sent with 'NewWorld' in a subject. The body contains encrypted entries from infected user's Outlook Address Book.

The B variant keeps its copy in memory while A and C variants exit after they send out e-mail lists.

VARIANT:

Yipper.C

This trojan variant is very close to Yipper.A variant. It sends stolen e-mails to <yitai342@012.net.il> e-mail address. The message is sent with 'Hi' in a subject line. The body contains entries from infected user's Outlook Address Book.

[Writeup: Alexey Podrezov; F-Secure Corp.; May 6th, 2003]