K Strain of Yaha Worm Causes Headaches

Two major anti-virus vendors upgraded the threat level on a variant of the Yaha virus as the mass-mailing worm spilled outside of its original range in the Middle East and Europe into the United States.

Symantec boosted the K strain of the Yaha virus from Category 2 to Category 3 on its five-level threat classification system. McAfee upgraded the K strain to a "Medium" threat.

Yaha K, which has also gone by the strain letter M, spreads as a 34-KB attachment on messages with varying subject and attachment names and message body texts. It spreads through e-mail using its own internal SMTP client, which searches the Windows registry for an SMTP server or uses one from a list contained in the worm itself, according to Sophos.

Yaha can take addresses from the Windows Address Book, MSN Messenger, .NET Messenger Services, Yahoo! Pagers and all files with extensions containing the letters HT, according to Symantec.

The worm terminates anti-virus and other security-related processes, while launching a denial-of-service attack against a Pakistani target server that is hard-coded into the worm, McAfee's description of the worm says.

The original version of Yaha appeared in March, according to MessageLabs Ltd.'s Web site. Different packages containing a J variant went out in December, causing confusion among anti-virus vendors and customers about whether systems were protected, MessageLabs experts contend. Meanwhile, the most virulent strain yet, Yaha K, which was different from the three J versions, was first stopped by MessageLabs on Dec. 21 in Kuwait. MessageLabs stoppage activity involving Yaha K peaked on Monday at more than 8,000, and the company has stopped the worm 37,463 times since Dec. 21.

Those volumes are substantially lower than Klez and Bugbear at their peak. For example, in the last 24 hours, according to the MessageLabs site, the A-V vendor stopped Klez 14,715 times compared to 6,560 times for Yaha K.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.
