A new variant of a recently discovered worm is showing a significant rise in its infection rate, according to U.K.-based MessageLabs Ltd.
The e-mail security managed service provider (MSP), along with security firms such as Symantec Corp., are warning that the Yaha virus and its variants are spreading quickly. In fact, on MessageLabs’ list of top five viruses, Yaha variants hold the second, third and fifth spots.
The company said the W32/yaha.K-mm strain, while not as serious of a threat as Klez or BugBear, is still dangerous. The worm arrives as an e-mail attachment, and contains its own e-mail client to mail itself out.
According to Symantec’s Security Response Web site, Yaha will e-mail itself to all contacts in the Windows Address Book, .Net Messenger, MSN Messenger, Yahoo pager as well as to all files whose extensions contain the letters HT.
Some attachment names found by MessageLabs include Screensavers.scr, Real.scr, CG_Messenger.exe, sunny.scr, Ways_To_Earn_Money.exe, Project.exe and Britney_Sample.scr.
Possible subject lines may also include the following, according to MessageLabs: Are you in Love, I am in Love, Wanna Rumble ??, Whats up, Things to note, Free Screensavers 4 U, Check it out and Learn SQL 4 Free.
The virus, which was first captured on Dec. 21 and appears to have originated from Kuwait, is most active in the U.K. Netherlands, Canada, U.S., Saudi Arabia, Egypt, France, Germany, Australia, Belgium, and United Arab Emirates, according to MessageLabs.
For more information on prevention and fixes, visit www.symantec.com and www.messagelabs.com.