Yaha virus variant heats up

A new virus, which is believed to be a variant of the Yaha virus, has proven contagious and is infecting thousands of computers worldwide. Email management firm MessageLabs said the virus, which appears to originate in the Middle East, may try to launch a denial of service attack against a Pakistani government Web site. On Tuesday the Web site, infopak.gov.pk, was unavailable.

The virus, dubbed W32/Yaha.M, has seen its numbers explode with over 7,000 being stopped by MessageLabs on Monday. So far more than 21,000 copies of the virus have been detected by the copmany. The first copy of the virus to be detected was contained in an email from Kuwait, and the most copies now being stopped are coming from Egypt, Saudi Arabia and the UK.

In response to the increase in occurrence, Symantec (which has dubbed the worm W32.Yaha.K@mm)has raised the threat from a Category 2 to a Category 3. The code can generate various different emails using its own email engine, said MessageLabs, and the "From" fields in the emails are forged. The worm arrives in the form of a .exe or .scr attachment to an e-mail with a variety of subjects and messages, and contains it's own e-mail client to mail itself out, forging the from address. MessageLabs said it may also attempt to close down a number of firewalls and antivirus programs.

ZDNet UK's Matt Loney contributed to this report

Let the editors know what you think in the Mailroom.