A backdoor Trojan written in Microsoft's Visual Basic programming language uses the Windows Notepad icon in an attempt to deceive people into believing it is a real Notepad text editor.

Backdoor.CHCP deploys the Windows Notepad program icon to trick system users into believing it is a real Notepad text editor, according to Symantec. Once launched, it allows a hacker to remotely control an infected computer. The Trojan opens TCP port 1145 by default.

For technical details, check this Symantec page.

W97M.Blackout.Worm a Low Threat

Symantec also reported Wednesday the appearance of W97M.Blackout.Worm, a Microsoft Word 97 macro worm that attempts to spread using mIRC.

The worm uses the file name Readme.txt.doc. Once executed, W97M.Blackout.Worm attempts to disable the security menu item on the Macro menu. It also copies its source code to the C:\Blackout.vxd file.

For more information on its effects, visit this Symantec site.

Worm_YAHA.K Spreading via Email

Another worm reported out Wednesday was Worm_YAHA.K, which may be familiar for its several aliases: Win32/Yaha.K, I-Worm.Lentin.i, Win32/Yaha.K@mm, W32/Yaha-K, W32.Yaha.K@mm and W32/Yaha.k.

This mass-mailing worm uses its own SMTP engine to spread via email as an attachment, mailing itself to addresses retrieved from an infected system's Windows Address Book (WAB), Yahoo Messenger, MSN and .NET Messenger Services, and files found in all directories with extension names containing the string "HT," according to Trend Micro.

Like the other YAHA worm variants, this malware also terminates from memory certain popular antivirus and security software processes. It randomly selects the contents of its email subject line, message body, and attachment name from preset information in its code.

Read a sample of the email this malware sends here.

Compiled by Esther Shein.