News

K Strain of Yaha Worm Causes Headaches

Two major anti-virus vendors upgraded the threat level on a variant of the Yaha virus as the mass-mailing worm spilled outside of its original range in the Middle East and Europe into the United States.

Symantec boosted the K strain of the Yaha virus from Category 2 to Category 3 on its five-level threat classification system. McAfee upgraded the K strain to a "Medium" threat.

Yaha K, which has also gone by the strain letter M, spreads as a 34-KB attachment on messages with varying subject and attachment names and message body texts. It spreads through e-mail using its own internal SMTP client, which searches the Windows registry for an SMTP server or uses one from a list contained in the worm itself, according to Sophos.

Yaha can take addresses from the Windows Address Book, MSN Messenger, .NET Messenger Services, Yahoo! Pagers and all files with extensions containing the letters HT, according to Symantec.

The worm terminates anti-virus and other security-related processes, while launching a denial-of-service attack against a Pakistani target server that is hard-coded into the worm, McAfee's description of the worm says.

The original version of Yaha appeared in March, according to MessageLabs Ltd.'s Web site. Different packages containing a J variant went out in December, causing confusion among anti-virus vendors and customers about whether systems were protected, MessageLabs experts contend. Meanwhile, the most virulent strain yet, Yaha K, which was different from the three J versions, was first stopped by MessageLabs on Dec. 21 in Kuwait. MessageLabs stoppage activity involving Yaha K peaked on Monday at more than 8,000, and the company has stopped the worm 37,463 times since Dec. 21.

Those volumes are substantially lower than Klez and Bugbear at their peak. For example, in the last 24 hours, according to the MessageLabs site, the A-V vendor stopped Klez 14,715 times compared to 6,560 times for Yaha K.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • An image of planes flying around a globe

    2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • Microsoft to Shut Down Skype Services

    Microsoft will discontinue its Skype telecommunications and video calling services on May 5, 2025, marking the end of the platform's decades-long run.

  • Big Blue To Acquire Datastax in Enterprise AI Play

    In a bid to bolster its enterprise-aimed AI capabilities, IBM is planning to acquire Datastax, a leading AI and data solutions provider, for an undisclosed amount.

  • Microsoft Confirms End of HoloLens Mixed Reality Hardware

    Microsoft officially announced this week that it is discontinuing its HoloLens mixed reality hardware, marking the end of its efforts in the space.

Most   Popular