The worm, JS.Yamanner@m, spreads from person to person when the user opens the e-mail that is originally sent by the worm. The worm then sends itself to the user’s contacts that also use Yahoo Mail, while simultaneously sending those e-mail addresses to a remote server on the Internet.
Only those using contacts with an e-mail address that is @yahoo.com or @yahoogroups.com will be affected by this. Symantec Security Response is currently categorizing JS.Yamanner as a Level 2 threat.
Kevin Hogan, senior manager of Symantec Security Response, comments: “This worm is a twist on the traditional mass mailing worms that we have seen in recent years, and is very much in line with the trend for threats that target personal information. Unlike its predecessors, which would require the user to open an attachment in order to launch and propagate, JS.Yamanner makes use of a security hole in the Yahoo Web mail program in order to spread to other Yahoo users. Users of Yahoo Mail Beta do not appear to be vulnerable to JS.Yamanner.”
The e-mail can be distinguished by its title and contents:
Subject: New Graphic Site
Body: this is test
Additionally, if users inadvertently open this infected e-mail, they will also see that their browser window is redirected to display the webpage associated with the URL: [http://]www.av3.net/index.htm.
“Yahoo is a popular e-mail tool, and although normally closed to such threats, the exploitation of this vulnerability provides access to a significant number of Internet users. As there is no patch at present, users are recommended to update virus definitions and firewall signatures and to block any e-mails sent from firstname.lastname@example.org,” concludes Hogan.
-Computing SA staff, Computing South Africa
Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.