A new variant of the Yaha worm, discovered last week in several Middle Eastern countries, has begun spreading more rapidly and widely, anti-virus experts say.
Yaha.K is a mass-mailing worm and propagates through e-mail, using its own built-in SMTP engine. It can also retrieve addresses from Yahoo Messenger, MSN Messenger and .Net Messenger Service directories. The worm also is designed to launch a denial-of-service attack against a target server in Pakistan.
The worm appears in victims mailboxes with any one of dozens of subject lines. The “From” addresses on both the envelope and the message header are forged and the message also carries an attachment with a randomly generated name.
The worm appears to have originated in the Middle East, and MessageLabs Ltd., a British MSP that tracks viruses, said it first saw copies in Kuwait. Network Associates Inc.s McAfee Security anti-virus site lists the worm as a medium risk because of its increased prevalence in recent days.
Yaha.K is also capable of disabling various anti-virus products, personal firewalls and other security-related processes on infected machines, according to a McAfee Security advisory.
Anti-virus companies first began seeing the worm about 10 days ago, but it had been confined mostly to the Middle East and a few European companies. However, within the last day or so, it has begun spreading more widely.