Threat Description

Yipper

Details

Aliases: Yipper, Yitai
Category: Malware
Type:
Platform: W32

Summary



Yipper is a family of e-mail stealing trojans written in Visual Basic. All 3 currently known variants appeared on 6th of May, 2003. These trojans do not install themselves to system, they only collect e-mail addresses and send them to 2 pre-defined e-mail addresses in Israel.



Removal



Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.



Technical Details




Variant:Yipper.A

This trojan variant sends stolen e-mails to <yitai342@012.net.il> e-mail address. The message is sent with 'Hi' text in a subject line. The message body contains entries from infected user's Outlook Address Book.


Variant:Yipper.B

This trojan variant was sent to several people in e-mail messages as FindMyMatch.exe attachment. The trojan sends stolen e-mails to <yipai342@netvision.net.il> e-mail address. The message is sent with 'NewWorld' in a subject. The body contains encrypted entries from infected user's Outlook Address Book.

The B variant keeps its copy in memory while A and C variants exit after they send out e-mail lists.


Variant:Yipper.C

This trojan variant is very close to Yipper.A variant. It sends stolen e-mails to <yitai342@012.net.il> e-mail address. The message is sent with 'Hi' in a subject line. The body contains entries from infected user's Outlook Address Book.





Description Created: Alexey Podrezov; F-Secure Corp.; May 6th, 2003


SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More