Welcome to the Virus Encyclopedia of Panda Security.
Yanz.B creates a file that contains Exploit/MS04-028.gen. This exploit attempts to download a file from the Internet and run it on the affected computer.
| First detected on: | Nov. 22, 2004 |
| Detection updated on: | Nov. 22, 2004 |
Yanz.B is a worm that creates three JPG files on the affected computer. One of these pictures contains Exploit/MS04-028.gen, which attempts to exploit the Buffer Overrun in JPEG processing vulnerability.
If this malicious JPG file is opened with a vulnerable application, a file will be downloaded from the Internet and run on the affected computer. The downloaded file could be of any nature, including malware.
Yanz.B attempts to end the processes of the Windows Registry editor (REGEDIT.EXE) and of MSCONFIG.EXE.
Yanz.B spreads via e-mail in a message with variable characteristics, and through peer-to-peer (P2P) file sharing programs. Both the e-mails and the shared files always refer to the singer Sun Yan Zi.
It is strongly recommended to visit Microsoft's official website, check whether any application vulnerable to Buffer Overrun in JPEG processing is installed on your computer, and if so, apply the corresponding security patch.
Yanz.B is easy to recognize once it has affected the computer, as it displays the following image on screen when it is run:
Then it creates three JPG files. One of them is malicious, while the other two contain pictures of the singer Sun Yan Zi:
Additionally, the e-mail messages and the shared files in which Yanz.B reaches the computer always refer to Sun Yan Zi.