Antivirus vendors are warning of a new version of the Yaha virus, W32/Yaha.m or Win32/Yaha.k. The malevolent code is spreading more rapidly than was expected when it was discovered Dec. 21. On Monday, Network Associates Inc.'s Anti-Virus Emergency Response Team (Avert) upgraded the Yaha variant's risk assessment from "low" to "medium" because of its increased activity. Secure E-mail services firm MessageLabs is reporting that it stopped 7,377 Yaha.k infections in the past 24 hours.
According to Network Associates, the Yaha.k virus spreads primarily through E-mail, using its own E-mail engine, and tries to shut down antivirus and security-related software as it infects.
The virus uses many different subject lines, including "XXX Screensavers 4 U," "Free Demo game," and "Are you the BEST," as lures. The virus also arrives with a wide range of potential attachment file names, including "zXXX_BROWSER.EXE," "Jenna_Jemson.scr," and "FixKlez.com." More information is available at http://vil.nai.com/vil/content/v_99918.htm.
Jimmy Kuo, a Network Associates Avert fellow, says the infection rate for Yaha.k has either stabilized or increased only slightly in Europe. Kuo says the virus appears to be hitting home users harder than businesses, which are more likely to keep antivirus systems up to date and block certain attachments at their E-mail gateways. A more complete damage assessment won't be possible until after New Year's Day. "Infections will increase again for one more weekend," Kuo says. "People are still out of the office for the holidays and there will be some companies that won't see that they've been infected until employees return to work."