A nasty little worm, the Yarner Worm (which was first discovered on February 20, 2002) is an EXE file which is run on a system as an email attachment. The worm has a built-in SMTP engine, which then scans your Outlook address book and fowards itself to each address. It was originally distributed through a German mailserver.
The body of the email that contains the worm looks something like this:
Hello!
Welcome to the latest newsletter from Trojaner-Info.de
Content:
1. YAW 2.0 - the latest version of our porn-dialer warner
****
1. YAW 2.0 - Our porn-dialer warner in its latest version.
Our widely used Dialerwarner YAW is now available in a brand new and enhanced version. All subscribers to our newsletter get this version for free with this newsletter.
Just start the attached file and YAW 2.0 installs itself.
If there are any questions the programmer of this unique tool is available at ...
Have fun with YAW!
http://www.trojaner-info.de/dialer/yaw.shtml
****
That's it with the latest Trojaner-Info news, thank you for your attention and we wish all our readers a pleasant week
Also, a file called "yawsetup.exe" is attached to the message, which is the actual worm itself. It will then copy itself as notepad.exe, replacing the often-used Windows program. It then modifies the registry, scans Outlook and starts forwarding itself.
The final blow from the Yarner Worm is the deletion of the Windows directory after execution. Once this is done, the computer will require a new installation of the OS, though formatting the drive will be recommended, as the virus will still have remnants throughout.
This nasty little worm has already been vaccinated against. Check McAfee, Symantec or Central Command for more information.
Source: Yahoo! News: http://story.news.yahoo.com/news?tmpl=story&u=/zd/20020220/tc_zd/5103442&cid=73