Classification

Category: Malware

Type: -

Aliases: Yipper, Yitai

Summary


Yipper is a family of email stealing trojans written in Visual Basic. All 3 currently known variants appeared on 6th of May, 2003. These trojans do not install themselves to system, they only collect email addresses and send them to 2 pre-defined email addresses in Israel.

Removal


Automatic action

Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.

Knowledge Base

Find the latest advice in our Community Knowledge Base.

About the product

See the manual for your F-Secure product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details



Variant:Yipper.A

This trojan variant sends stolen emails to <yitai342@012.net.il> email address. The message is sent with 'Hi' text in a subject line. The message body contains entries from infected user's Outlook Address Book.


Variant:Yipper.B

This trojan variant was sent to several people in email messages as FindMyMatch.exe attachment. The trojan sends stolen emails to <yipai342@netvision.net.il> email address. The message is sent with 'NewWorld' in a subject. The body contains encrypted entries from infected user's Outlook Address Book.

The B variant keeps its copy in memory while A and C variants exit after they send out email lists.


Variant:Yipper.C

This trojan variant is very close to Yipper.A variant. It sends stolen emails to <yitai342@012.net.il> email address. The message is sent with 'Hi' in a subject line. The body contains entries from infected user's Outlook Address Book.