Related Resources • Yaha J, K, or L? • Virus Encyclopedia • Glossary of terms

Elsewhere on the Web • Sophos Analysis • Symantec Analysis

Written in apparent retaliation for a variant of Yaha which can change the Internet Explorer start page to a well-known virus exchange group, Gigabyte, the editor of the Yaha-targeted VX site and one of the few female virus writers, created a new worm that attempts to locate and remove the Yaha virus. Dubbed Win32.HLLP.YahaSux by the author, antivirus vendors have renamed it W32.Sahay.

According to antivirus vendor Sophos, Sahay arrives in an email bearing the following characteristics:

Subject: Fw: Sit back and be surprised..
Message text: "Think of a number between 1 and 52.
Say it out loud, and keep repeating while you read on.
Think of the name of someone you know (of the opposite sex).
Now count which place in the alphabet, the second letter of that name has.
Add that number to the number you were thinking of.
Say the number out loud 3 times.
Now count which place in the alphabet the first letter of your first name has, and substract that number from the one you just had.
Say it out loud 3 times.
Now sit back, watch the attached slide show, and be surprised.."