Worm_Cydog.B drops copies of itself in the following shared folders of the different file sharing applications:

KaZaa\My shared Folder
Bearshare\Shared
Grokster\My Grokster
Morpheus\My Shared Folder
eDonkey2000\Incoming
limewire\Shared

This worm displays a fake error message. Read the text here.

Two Names, One Worm

Antivirus software vendor F-Secure is reporting the appearance of a new worm known as Slacke. The initial downloaded file is available on a Web location as cnn3.exe.

F-Secure Anti-Virus detects this file as TrojanDropper.Win32.Yabinder.20 with the current updates.

W32/Yaha.P Uses Own SMTP Email Engine

The first copy of a new variant of the Yaha strain of viruses that began circulating last week is still being intercepted, according to MessageLabs.

Initial analysis suggests that this is a mass-mailing virus capable of spreading using email and also appears to be capable of spreading via network shares. Yaha.P uses its own SMTP email engine and appears to gather any email addresses from the recipients' computer, both from Microsoft Outlook and also from files found on the hard disk.

In addition, the virus may automatically be activated without opening the attachment on Windows machines that have not been patched with the MS01-020 vulnerability. It also appears to have the capability to seek out and disable locally installed security-related software, such as anti-virus or firewall software. This may also be followed by the virus launching a denial of service attack directed towards a number of Web sites, including the Pakistani government.

Previous strains of the Yaha virus have been released in at least three different versions, packed with different packers. As a result, several anti-virus products were unable to detect all variants. Currently MessageLabs has only detected one variant of this Yaha.P strain, but there may be others.

As with other strains of the Yaha virus, initial analysis indicates that the sender's "from:" address may also be spoofed. This virus may additionally forge the sender address by utilizing a list of addresses within the code itself, including those of a number of desktop anti-virus vendors, with the email potentially purporting to be a patch for another virus.

Find out what subject lines the email uses and read additional comment on Yaha here.

Top 10 Viruses, Hoaxes for February

Klez and JDBGMGR top the lists of viruses and hoaxes reported to antivirus software vendor Sophos in February. Sophos detected 541 new viruses, worms and Trojan horses last month.

To view the lists, go to this Sophos Web page.

Compiled by Esther Shein.