Yaha spreads quickly

A new variant of a recently discovered worm showed a significant rise in its rate of infection over the last few days, according to U.K.-based MessageLabs Ltd.

The e-mail security managed service provider (MSP), along with security firms such as Symantec Corp., are warning that the Yaha virus and its variants are spreading quickly. In fact, on MessageLabs’ list of top five viruses, Yaha variants hold the second, third and fifth spots.

The company today said the W32/yaha.K-mm strain, while not as serious of a threat as Klez or Bugbear, is still dangerous. The worm arrives as an e-mail attachment, and contains its own e-mail client to mail itself out. According to Symantec’s Security Response Web site, Yaha will e-mail itself to all contacts in the Windows Address Book, .Net Messenger, MSN Messenger, Yahoo pager as well as to all files whose extensions contain the letters HT.

MessageLabs on Dec. 28 intercepted close to 3,000 copies of the virus, and by Dec. 30 that number hit more than 8,000. On Jan. 1, the firm’s numbers dropped to approximately 6,500.

Some attachment names found by MessageLabs include Screensavers.scr, Real.scr, CG_Messenger.exe, sunny.scr, Ways_To_Earn_Money.exe, Project.exe and Britney_Sample.scr.

Possible subject lines may also include the following, according to MessageLabs: Are you in Love, I am in Love, Wanna Rumble ??, Whats up, Things to note, Free Screensavers 4 U, Check it out and Learn SQL 4 Free.

The virus, which was first captured on Dec. 21 and appears to have originated from Kuwait, is most active in the U.K., Netherlands, Canada, U.S., Saudi Arabia, Egypt, France, Germany, Australia, Belgium, and United Arab Emirates, according to MessageLabs.

For more information on prevention and fixes, visit www.symantec.com and www.messagelabs.com.