W32.Haytap@mm is a computer worm that was discovered April 30, 2006 and also goes by the name ''W32.Fakepatch@mm" occasionally. It operates using Yahoo! Messenger to infect.
- Copies itself as the following file:
- Adds the value:
to the following registry subkey:
so that it runs every time Windows starts:
- Obtains contact names from Yahoo! Messenger. The worm will append yahoo.com as the domain name to complete the email addresses.
- Sends itself to the email addresses it generates. The email has the following characteristics: