Sophos distributing W32/Yaha-E? Not guilty!

June 26, 2002 Sophos Press Release

Sophos technical support has received a number of enquiries from customers concerned that they may have received a copy of the W32/Yaha-E virus via email from Sophos.

Sophos would like to reassure its customer base that we have not been infected or sent any viruses to our customers.

In fact, W32/Yaha-E can pretend (like the recent W32/Klez-H virus) to originate from Sophos. By using its own SMTP engine, the worm can appear to have come from any email address. Some infected messages have a sender field and message text which imply that the message was sent by a major anti-virus vendor (the virus can use the names Kaspersky, F-Secure, Symantec and Trend Micro as well as Sophos). Many of the email addresses and IP addresses used are invalid and inaccurate.

Sophos recommends that users do not open or launch unsolicited executable attachments and keep their anti-virus software updated.

Sophos Anti-Virus has been capable of protecting against W32/Yaha-E since 20 June 2002, and customers are encouraged to subscribe to Sophos's email notification service to be automatically warned of new threats emerging in the wild.