Latest Threats
Yahoo worm
Written by lifang   
February 20, 2008 14:01

An early-morning report on a security mailing list led to the discovery of a mass-mailing email worm that impacted Yahoo webmail users. Dubbed http://www.symantec.com/avcenter/venc/data/js.yamanner@m.html (Symantec), JS_YAMANER.A (Trend Micro), and http://vil.mcafeesecurity.com/vil/content/v_139913.htm (McAfee), the Yamanner worm functions by exploiting the JavaScript onload event handler. No files are dropped to the impacted user's system, so the computer does not maintain an infected state.

When the Yamanner email is opened, the malicious script exploits a flaw in the Yahoo email service, gathering addresses found in the Yahoo email folder and sending a copy of itself to any @yahoo.com and @yahoogroups.com email addresses found.

Yamanner also sends a list of those same addresses to a remote website, presumably for spam purposes.

Yamanner arrives in an email with the following characteristics:

From: spoofed or av3@yahoo.com
Subject: New Graphic Site
Body: (one of the following)
  • Note: forwarded message attached.
  • this is test

Yahoo responded to the threat by filtering messages for the presence of the onload event handler, replacing it with 'onfiltered', effectively neutering the worm's exploit.