Notice

This is a Low-Profiled Threat Notice Update for W32/Yanz and W32/Anzae.

Justification

W32/Yanz and W32/Anzae have been updated from Low to Low-Profiled due to Media Attention at http://www.webuser.co.uk/news/59666.html. W32/Yanz is referred to as Favsin within the article, and W32/Anzae is referred to as Tasin.

Read About It

Information about W32/Yanz.a@MM is located on VIL at: http://vil.nai.com/vil/content/v_130045.htm

Information about W32/Yanz.b@MM is located on VIL at: http://vil.nai.com/vil/content/v_130137.htm

Information about W32/Anzae.a@MM is located on VIL at: http://vil.nai.com/vil/content/v_130139.htm

Information about W32/Anzae.b@MM is located on VIL at: http://vil.nai.com/vil/content/v_130140.htm

Information about W32/Anzae.c@MM is located on VIL at: http://vil.nai.com/vil/content/v_130141.htm

Detection

Detection for the above threads were added to the 4410 dat files (Release Date: 11/24/2004).

To stay updated and protected download the latest dat files from http://www.mcafeesecurity.com/us/downloads/default.asp

If you suspect you have W32/Yanz or W32/Anzae, please submit a sample to http://www.webimmune.net.

Risk Assessment Definition

For further information on the Risk Assessment and AVERT Recommended Actions please see:

http://www.mcafeesecurity.com/us/security/resources/risk_assessment.htm