Yahoo says the Yamanner worm is no longer a threat but urges Yahoo Mail users to stay alert.
Following a security investigation by Symantec, the world’s largest anti-virus company, it appears that the most popular e-mail service on the Web, Yahoo Mail, has been affected by a silent and devious attacker: an Internet worm named Yamanner. According to Symantec, this type of worm is highly dangerous because, to infect a machine, users only need to open the rogue message rather than the usual attachment.
Symantec added that JS.Yamanner@m is a JavaScript worm and that its potential victims are only those who have an e-mail address ending in @yahoo.com or @yahoogroups.com. Users of Yahoo! Mail Beta need not be concerned about the worm. The worm spreads very efficiently: JS.Yamanner takes control by exploiting a vulnerability that enables scripts embedded in HTML e-mails to be run by the user’s browser. It then sends the e-mail addresses it finds to a remote server on the Internet.
At the time of Symantec’s announcement, there were potentially 100 million victims, all of them users of the Yahoo Mail portal. Yahoo! Mail Beta users were not affected because, for security reasons, Yahoo! Mail blocks malicious scripts. This is the reason Symantec placed the JavaScript worm JS.Yamanner in the Level 2 threat category (on a scale of 1 to 5, with 5 being most severe).
Additionally, users who mistakenly open an infected e-mail will see their browser window redirected to the Web page at the URL http://www.av3.net/index.htm. According to Symantec, the worm’s e-mail, which contains JavaScript, has the words "New Graphic Site" in the subject field.
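The mechanism described above (script embedded in an HTML e-mail) and the two indicators Symantec reported (the subject line and the redirect URL) can be checked at a mail gateway. The following Python scanner is an added example, not code from Symantec or Yahoo; its function and class names and the two sample messages are constructed for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

# Indicators taken from the article text.
SUBJECT_INDICATOR = "new graphic site"
REDIRECT_HOST = "www.av3.net"

class ActiveContentFinder(HTMLParser):
    """Collects markup that can make a browser run script from an HTML body."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):  # tag and attribute names arrive lowercased
        if tag == "script":
            self.findings.append("script element")
        for name, value in attrs:
            value = (value or "").strip().lower()
            if name.startswith("on"):  # onload, onerror, onclick, ...
                self.findings.append(f"event handler {name} on <{tag}>")
            elif name in ("href", "src") and value.startswith("javascript:"):
                self.findings.append(f"javascript: URL in {name} on <{tag}>")

def scan_message(raw):
    """Return the reasons a message should be quarantined (empty list if none)."""
    msg = message_from_string(raw, policy=default)
    reasons = []
    if SUBJECT_INDICATOR in (msg["Subject"] or "").lower():
        reasons.append("subject matches article indicator")
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        html = part.get_content()
        finder = ActiveContentFinder()
        finder.feed(html)
        reasons.extend(finder.findings)
        if REDIRECT_HOST in html.lower():
            reasons.append("body references redirect host from article")
    return reasons

# Constructed sample messages (not captured worm traffic).
HEADERS = "From: a@example.com\nTo: b@example.com\nMIME-Version: 1.0\n" \
          "Content-Type: text/html; charset=utf-8\n"
SUSPECT = HEADERS + "Subject: New Graphic Site\n\n" \
    '<html><body><img src="logo.gif" onload="placeholder()"></body></html>\n'
BENIGN = HEADERS + "Subject: Lunch\n\n<html><body><p>See you at noon.</p></body></html>\n"

if __name__ == "__main__":
    for label, raw in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, scan_message(raw))
```

A gateway would normally strip or neutralize the flagged markup before delivery rather than rely on the subject line alone, since a subject string is trivial to change.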
Following Symantec’s warning, Yahoo announced on Tuesday that "a very small fraction" of its more than 200 million e-mail accounts was infected on Monday, when the problem was first reported. "We have taken steps to resolve the issue and protect our users from further attacks of this worm," Yahoo spokeswoman Kelley Podboy said. "The solution has been automatically distributed to all Yahoo Mail customers, and requires no additional action on the part of the user."
Nevertheless, Yahoo is urging its e-mail users to stay alert and to keep their anti-virus software and firewall active and up to date.