Threat Description

Yipper

Details

Aliases:Yipper, Yitai
Category: Malware
Type:
Platform: W32

Summary



Yipper is a family of e-mail stealing trojans written in Visual Basic. All 3 currently known variants appeared on 6th of May, 2003. These trojans do not install themselves to system, they only collect e-mail addresses and send them to 2 pre-defined e-mail addresses in Israel.



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

You may wish to refer to the Support Community for further assistance. You also may also refer to General Removal Instructions for a general guide on alternative disinfection actions.



Technical Details




Variant:Yipper.A

This trojan variant sends stolen e-mails to <yitai342@012.net.il> e-mail address. The message is sent with 'Hi' text in a subject line. The message body contains entries from infected user's Outlook Address Book.


Variant:Yipper.B

This trojan variant was sent to several people in e-mail messages as FindMyMatch.exe attachment. The trojan sends stolen e-mails to <yipai342@netvision.net.il> e-mail address. The message is sent with 'NewWorld' in a subject. The body contains encrypted entries from infected user's Outlook Address Book.

The B variant keeps its copy in memory while A and C variants exit after they send out e-mail lists.


Variant:Yipper.C

This trojan variant is very close to Yipper.A variant. It sends stolen e-mails to <yitai342@012.net.il> e-mail address. The message is sent with 'Hi' in a subject line. The body contains entries from infected user's Outlook Address Book.





Description Created: Alexey Podrezov; F-Secure Corp.; May 6th, 2003


SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More