Security news3 January 2003
W32/Yaha-K: Are you protected?
A number of customers have contacted Sophos technical support concerned about the W32/Yaha-K email-aware worm. Their concern follows media reports about the worm over the holiday period.
Detection of W32/Yaha-K will be included on version 3.66 (February 2003) of the Sophos CD, but protection has been available via the Sophos website since 24 December 2002.
If you have not already protected against W32/Yaha-K, Sophos strongly recommends you download the IDE and distribute it to all installations of Sophos Anti-Virus in your company.
Quick links
How to avoid infection in the future
Update your corporate anti-virus now so that you can detect and prevent the Yaha worm. If you do not have procedures for rapid updates, implement them now, because you are sure to need them again. Sophos Enterprise Manager is one way to help automate protection updates inside your company.
If possible, block all Windows programs at your email gateway. It is rarely necessary to allow users to receive programs via email. There is so little to lose, and so much to gain, simply by blocking all mailed-in programs, regardless of whether they contain viruses or not. Sophos MailMonitor for SMTP contains pro-active threat reduction technology which can help you block dangerous filetypes and executable code at the email gateway.
Many viruses have exploited loopholes in commonly used web browsers and email software to increase their chances of spreading effectively.
Every IT manager responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.asp. Other vendors offer similar services.
If you are a home user you may like to consider visiting windowsupdate.microsoft.com, a site run by Microsoft, which can automatically scan your computer for vulnerabilities and suggest which security patches need to be downloaded.
