Sophos technical support has received a number of enquiries from
customers concerned that they may have received a copy of the
via email from Sophos.
Sophos would like to reassure its customer base that we have not
been infected or sent any viruses to our customers.
In fact, W32/Yaha-E can pretend (like the recent W32/Klez-H virus) to
originate from Sophos. By using its own SMTP engine, the worm can
appear to have come from any email address. Some infected messages
have a sender field and message text which imply that the message
was sent by a major anti-virus vendor (the virus can use the names
Kaspersky, F-Secure, Symantec and Trend Micro as well as Sophos).
Many of the email addresses and IP addresses used are invalid and
Sophos recommends that users do not open or launch unsolicited
executable attachments and keep their anti-virus software
Sophos Anti-Virus has been capable of protecting against
W32/Yaha-E since 20 June 2002, and customers are encouraged to
subscribe to Sophos's email notification service to be
automatically warned of new threats emerging in the wild.