Yaha virus lingers on

A variant of the Yaha computer virus which emerged on 21 December and was detected on thousands of PCs over the holiday season...

A variant of the Yaha computer virus which emerged on 21 December and was detected on thousands of PCs over the holiday season appears to be making a gradual retreat, but is still ranked as a "medium risk" by security software vendors.

Security vendor MessageLabs, which calls the variant W32/Yaha.K, said the rate of spread has been declining steadily since Monday (30 December) when the company intercepted more than 8,000 copies of the virus.

By Wednesday that figure had declined to 6,500 and it stood at just over 2,000 on Thursday afternoon in Europe.

Altogether MessageLabs had detected more than 34,000 copies of the virus.

The virus originated in Kuwait and has hit 100 countries including the Netherlands, UK, Canada, Egypt, United Arab Emirates, Saudi Arabia and Australia.

Symantec, which is calling the worm W32.Yaha.L@mm, rates the virus threat assessment as low, the damage assessment as medium and the distribution of Yaha as high, according to information on its Web site.

McAfee.com and parent company Network Associates rated W32/Yaha.k as "medium risk" to both home and corporate users.

Helsinki's F-Secure gave the Yaha.K virus a level two alert on its scale of three levels, meaning the virus was causing widespread infection. It said the virus carries aliases including Yaha.M, W32/Lentin.H@mm, I-Worm.Lentin.h and Yaha.K!e2a2.

The worm affects mainly systems running Microsoft's Windows operating system and appears as an e-mail attachment in the form of a .exe or .scr file.

Infected emails carry a wide variety of subject headings and messages. The virus contains its own e-mail client to mail itself out, forging the "from" address. It attempts to close down a number of firewalls and antivirus programs, according to MessageLabs.

Read more on Antivirus, firewall and IDS products

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.