Tuesday, June 20, 2006

Yahoo Email Worm - JS.Yamanner@m

They say it is 'low impact' but I'm sure you do not want a worm running through your system. If you use Yahoo email and receive one from av3@yahoo.com - DO NOT OPEN IT! - - Simply delete the email! - Opening it will allow a JavaScript program to spread though other Yahoo email addresses in the users address book. Don't do that to your friends!

To block the address (Options/mail options/spam/block addresses) and enter av3@yahoo.com into the add block space.


From link below: The worm, which Symantec calls JS.Yamanner@m, is different from others in that a user merely has to open the e-mail to cause it to run, said Kevin Hogan, senior manager for Symantec Security Response. Mass-mail worms have usually been contained in an attachment with an e-mail note encouraging a user to open it.
~~~~~
When activated, the worms then sends itself to other users in the victim's address book who also use Yahoo e-mail with the suffixes of @yahoo.com or @yahoogroups.com. The worm mimics a function within Yahoo's Web mail called "Quickbuilder," which allows a user to add contacts in an address book from received e-mail, Hogan said. The process, however, is transparent to the victim, he said.

The harvested e-mail addresses are sent to a remote server. Users of Yahoo Mail Beta do not appear to be affected, Symantec said.

The worm also opens a browser that displays a Web page that does not appear to contain malicious content.

Although Yahoo's Web e-mail has not been fixed, users are advised to update virus and firewall definitions and block any e-mail sent from av3@yahoo.com. The subject line of the e-mail with the worm says "New Graphic Site," and the body says "this is test."

PC World has an article on it if you want to know more.



Update:

Yahoo says they have the worm contained! Hat tip to BlogGossip.com -

Technorati Tags -
-
-
-