Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Yanz.B

Threat Level: Moderate threat
Damage: High
Distribution: Not widespread

Common name: Yanz.B
Technical name: W32/Yanz.B.worm
Threat level: Low
Type: Worm
Subtype: Backdoor
Effects:

It creates a file that contains Exploit/MS04-028.gen. This exploit attempts to download a file from the Internet and run it on the affected computer.

Affected platforms:

Windows 2003/XP/2000/NT/ME/98/95

First detected on: Nov. 22, 2004
Detection updated on: Nov. 22, 2004
Statistics: No

Brief Description 

    

Yanz.B is a worm that creates three JPG files on the affected computer. One of these pictures contains Exploit/MS04-028.gen, which attempts to exploit the Buffer Overrun in JPEG processing vulnerability.

If this malicious JPG file is opened with a vulnerable application, a file will be downloaded from the Internet and run on the affected computer. The downloaded file could be of any nature, including malware.

Yanz.B attempts to end the processes of the Windows Registry Editor (REGEDIT.EXE) and of MSCONFIG.EXE.

Yanz.B spreads via e-mail in a message with variable characteristics, and through peer-to-peer (P2P) file sharing programs. Both the e-mails and the shared files always refer to the singer Sun Yan Zi.

 

It is strongly recommended that you visit Microsoft's official website, check whether any application vulnerable to Buffer Overrun in JPEG processing is installed on your computer and, if so, apply the corresponding security patch.

Visible Symptoms 

    

Yanz.B is easy to recognize once it has affected the computer, as it displays the following image on screen when it is run:

Then it creates three JPG files. One of them is malicious, while the other two contain pictures of the singer Sun Yan Zi:

     

Additionally, the e-mail messages and the shared files in which Yanz.B reaches the computer always refer to Sun Yan Zi.