Sophos distributing W32/Yaha-E? Not guilty!

Sophos Press Release

Sophos technical support has received a number of enquiries from customers concerned that they may have received a copy of the W32/Yaha-E virus via email from Sophos.

Sophos would like to reassure its customer base that we have not been infected, nor have we sent any viruses to our customers.

In fact, W32/Yaha-E can pretend (like the recent W32/Klez-H virus) to originate from Sophos. By using its own SMTP engine, the worm can appear to have come from any email address. Some infected messages have a sender field and message text which imply that the message was sent by a major anti-virus vendor (the virus can use the names Kaspersky, F-Secure, Symantec and Trend Micro as well as Sophos). Many of the email addresses and IP addresses used are invalid and inaccurate.

Sophos recommends that users do not open or launch unsolicited executable attachments and keep their anti-virus software updated.

Sophos Anti-Virus has been capable of protecting against W32/Yaha-E since 20 June 2002, and customers are encouraged to subscribe to Sophos's email notification service to be automatically warned of new threats emerging in the wild.

