A number of customers have contacted Sophos technical support
concerned about the W32/Yaha-K email-aware worm. Their concern
follows media reports about the worm over the holiday period.
Detection of W32/Yaha-K will be included on version 3.66
(February 2003) of the Sophos CD, but protection has been available
via the Sophos website since 24 December 2002.
If you have not already protected against W32/Yaha-K, Sophos
strongly recommends you download the IDE and distribute it to all
installations of Sophos Anti-Virus in your company.
Quick links
How to avoid infection in the future
Update your corporate anti-virus now so that you can detect and
prevent the Yaha worm. If you do not have procedures for rapid
updates, implement them now, because you are sure to need them
again. Sophos Enterprise Manager is one
way to help automate protection updates inside your company.
If possible, block all Windows programs at your email gateway.
It is rarely necessary to allow users to receive programs via
email. There is so little to lose, and so much to gain, simply by
blocking all mailed-in programs, regardless of whether they contain
viruses or not. Sophos MailMonitor for
SMTP contains pro-active threat reduction technology which can
help you block dangerous filetypes and executable code at the email
gateway.
Many viruses have exploited loopholes in commonly used web
browsers and email software to increase their chances of spreading
effectively.
Every IT manager responsible for security should consider
subscribing to vulnerability mailing lists such as that operated by
Microsoft at www.microsoft.com/technet/security/bulletin/notify.asp.
Other vendors offer similar services.
If you are a home user you may like to consider visiting
windowsupdate.microsoft.com, a site run by
Microsoft, which can automatically scan your computer for
vulnerabilities and suggest which security patches need to be
downloaded.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.