Yaha Worm Wreaks Confusion
The Yaha worm, discovered last week in the Middle East, is causing confusion among both security vendors and users.A lack of consensus on the way that new viruses are named led to confusion among anti-virus companies this week and may have resulted in some users being unsure whether they were protected against the latest variant of the Yaha worm. Anti-virus vendors began seeing a new minor variant of the Yaha mass-mailing worm shortly before Christmas. The first copies seemed to be coming from Middle Eastern countries, including Kuwait. AV vendors were quick to recognize the worms characteristics and identify it as a version of Yaha, a worm that had first appeared around Valentines Day last year. But thats where the agreement ended and the confusion began. Some vendors named the worm Yaha.J, while others tabbed it Yaha.K and still others had it as Yaha.L. For a day or two, it looked as if the vendors had abandoned their conventional naming scheme and gone off the tracks.
Viruses are named according to a system developed by CARO (Computer Antivirus Research Organization), which dictates the form and precise syntax of the names. For example, W32/Yaha@MM is the full name of the original Yaha worm. W32 denotes the Windows 32-bit platform; Yaha is the name (usually provided by the author somewhere in the source code); and MM identifies it as a mass-mailer.