Tuesday, June 20, 2006

Yahoo Email Worm - JS.Yamanner@m

They say it is 'low impact' but I'm sure you do not want a worm running through your system. If you use Yahoo email and receive one from av3@yahoo.com - DO NOT OPEN IT! - - Simply delete the email! - Opening it will allow a JavaScript program to spread though other Yahoo email addresses in the users address book. Don't do that to your friends!

To block the address (Options/mail options/spam/block addresses) and enter av3@yahoo.com into the add block space.

From link below: The worm, which Symantec calls JS.Yamanner@m, is different from others in that a user merely has to open the e-mail to cause it to run, said Kevin Hogan, senior manager for Symantec Security Response. Mass-mail worms have usually been contained in an attachment with an e-mail note encouraging a user to open it.
When activated, the worms then sends itself to other users in the victim's address book who also use Yahoo e-mail with the suffixes of @yahoo.com or @yahoogroups.com. The worm mimics a function within Yahoo's Web mail called "Quickbuilder," which allows a user to add contacts in an address book from received e-mail, Hogan said. The process, however, is transparent to the victim, he said.

The harvested e-mail addresses are sent to a remote server. Users of Yahoo Mail Beta do not appear to be affected, Symantec said.

The worm also opens a browser that displays a Web page that does not appear to contain malicious content.

Although Yahoo's Web e-mail has not been fixed, users are advised to update virus and firewall definitions and block any e-mail sent from av3@yahoo.com. The subject line of the e-mail with the worm says "New Graphic Site," and the body says "this is test."

PC World has an article on it if you want to know more.


Yahoo says they have the worm contained! Hat tip to BlogGossip.com -

Technorati Tags -