To date, more than 17,000 copies of the virus, dubbed W32/Yaha.M, have been detected by MessageLabs.
The worm, first intercepted on December 21, affects computers running on Windows operating systems. It uses its own SMTP engine to e-mail itself to all contacts in the Windows address book, MSN Messenger, .NET Messenger, Yahoo Pager and files with extensions containing letters HT. The worm arrives in the form of .exe or .scr attachments with a variety of subject lines and messages. It also attempts to close down a number of firewalls and antivirus programs.
In response to the increase in occurrence, Symantec (which has dubbed the worm W32.Yaha.K@mm) raised its threat from category 2 to 3.