'RDN_YahLover.worm' Pop-ups
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Ranking: | 17,001 |
| Threat Level: | 80 % (High) |
| Infected Computers: | 371 |
| First Seen: | June 12, 2017 |
| Last Seen: | July 11, 2023 |
| OS(es) Affected: | Windows |
The 'RDN_YahLover.worm' pop-up windows are part of the "RDN_YahLover.worm Infection Scam" that was observed for the first time back in May. PC users reported notifications in their browser that said they were infected with a computer worm named RDN_YahLover.worm. Cyber security experts use the detection name 'RDN_YahLover.worm' in reference to a real threat. However, the 'RDN_YahLover.worm' security alerts in the browser should not be trusted. The "RDN_YahLover.worm Infection Scam" is the work of con artists that took the name of a threatening program and created a persistent dialog box shown to users on sites like web-alrt-phsng-atck[.]xyz, warningalert[.]xyz and many others. The pages used to generate the 'RDN_YahLover.worm' notifications include a script designed to crash the user's browser and incite distress. The 'RDN_YahLover.worm' alerts might offer the following text:
- Sample 1:
- Sample 2:
'RDN/YahLover.worm!055BCCAC9FEC
Call Technical Support Immediately at: +1-844-592-9882
The following data will be compromised if you continue:
1. Passwords
2. Browser History
3. Credit Card information
This is well known for complete identity and credit card theft. Further action through this computer or any computer on the network will reveal private information and involve serious risks.
Call Technical Support Immediately at: +1-844-592-9882
'Your computer has been Locked
Call Now +1-844-592-9882
Your computer with the IP: [YOUR REAL IP ADDRESS] may be infected Because System Activation KEY has expired & Your information (for example, passwords, messages, and credit cards) have been stolen.
Call Now +1-844-592-9882
System Error Activation Error Code: 0x44578 Call Help Desk to prevent data loss
please call Toll free +1-844-592-9882'
Computer security experts strongly advise against calls to the phone lines provided on the 'RDN_YahLover.worm' Pop-Up windows. These phone lines are operated by trained con artists who might claim that your private information like credit cards, social security number, and online accounts is being collected by 'RDN/YahLover.worm!055BCCAC9FEC'. You can rest easy because you are not likely to be infected with the YahLover Worm but the crooks may take advantage of uneducated PC users and ask them to allow a remote desktop connection to their machines. Needless to say, the remote desktop access might allow the con artists to browse folders on your computer, install software, and copy files that may contain valuable data. It is imperative that you cancel remote desktop connection requests by technicians associated with the 'RDN_YahLover.worm' warnings. The 'RDN_YahLover.worm' messages can be found on the following pages and correspond to various toll-free phone lines:
- 844-592-9882 linked to web-alrt-phsng-atck[.]xyz
- 888-373-0151 linked to warningalert[.]xyz
- 888-308-4565 linked to pc-failure-394j5hs[.]info
- 888-506-2142 linked to fd-ht-27.s3.amazonaws[.]com
Keep in mind that the list of sites that offer access to the 'RDN_YahLover.worm' fake security alerts is growing every month. Web filters and AV vendors strive to protect users and block connections to phishing pages like those listed above. The fight against phishing messages is one that requires constant vigilance and users are welcomed to report questionable notifications and content via the built-in reporting system in their browser. In Firefox, you can click on the hamburger menu icon, then the question mark on the bottom and click 'Report deceptive site.' In Google Chrome, click the three dots in the top-right corner, and go to 'Help' and choose 'Report an issue.' In Internet Explorer, click the gear icon and choose 'Report website problems.' In Edge, click the three dots in the top-right corner, click 'Provide Feedback' and choose 'Report unsafe site.' Extensions like 'Web of Trust' and 'HTTPS Everywhere' combined with the built-in threat protection in your browser can limit your exposure to phishing content. You may want to add a trusted anti-spyware solution to your line of security tools.
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.