   VIRUS ALERTS

Worm-Yamanner

Original issue date: June 14, 2006

A JavaScript-based mass-mailing worm known as Yamanner has been reported in the wild. The worm exploits a vulnerability in the Yahoo! web-based email service to run malicious JavaScript embedded in a Yahoo! Mail message. It sends itself to the e-mail addresses that it harvests from the Yahoo! email folders of the affected system. The worm targets addresses in the @yahoo.com and @yahoogroups.com domains.

Aliases: JS/Yamanner@MM [McAfee], JS_YAMANER.A [Trend Micro], Yamanner.A [F-Secure], JS/Yamann-A [Sophos]

When the infected e-mail is opened within Yahoo! Mail, the worm:

  • Exploits the vulnerability in the Yahoo! web-based email service and runs the embedded JavaScript.
  • Harvests e-mail addresses from the Yahoo! email folders and sends a copy of itself to the gathered addresses that contain the @yahoo.com and @yahoogroups.com domains.
  • The e-mail contains:
    Subject: New Graphic Site
    Body: (Any of the following)
    • Note: forwarded message attached
    • test
  • Connects to the URL http://www.av3.net/index.htm to send some critical information of the affected system.

As there is no patch available at this time, users are advised to update their antivirus software and apply appropriate security updates at the OS level.
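
The indicators listed above can be checked against stored mail and web-proxy logs. The following is an added example, not part of the CERT-In advisory: it matches the advisory's subject, body text and URL host, while the proxy log layout, the active-HTML pattern and all sample data are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from urllib.parse import urlsplit

# Indicators stated in the advisory.
SUBJECT = "new graphic site"
BODIES = {"note: forwarded message attached", "test"}
CALLBACK_HOST = "www.av3.net"
# Assumption: "embedded JavaScript" is approximated as <script> tags or on*= handlers.
ACTIVE_HTML = re.compile(r"<script\b|\bon[a-z]+\s*=", re.I)

def message_indicators(raw):
    """Return the set of advisory indicators present in one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    hits = set()
    if (msg["Subject"] or "").strip().lower() == SUBJECT:
        hits.add("subject")
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and attachments
        text = part.get_content()
        if part.get_content_subtype() == "html" and ACTIVE_HTML.search(text):
            hits.add("active-html")
        elif part.get_content_subtype() == "plain" and text.strip().lower() in BODIES:
            hits.add("body")
    return hits

def is_suspect(raw):
    """Require the subject plus one more indicator; a body of 'test' alone is too common."""
    hits = message_indicators(raw)
    return "subject" in hits and len(hits) >= 2

def callback_clients(log_lines):
    """Clients that requested the advisory's URL host (assumed: time client method url)."""
    rows = (line.split() for line in log_lines)
    return {r[1] for r in rows if len(r) >= 4 and urlsplit(r[3]).hostname == CALLBACK_HOST}

def _sample(subject, text, html):  # builds constructed test messages, not real samples
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content(text)
    m.add_alternative(html, subtype="html")
    return m.as_string()

WORM_LIKE = _sample("New Graphic Site", "test", '<img src="a.gif" onload="void(0)">')
BENIGN = _sample("test", "test", "<p>lunch on Friday?</p>")
PROXY_LOG = ["1150264800 10.0.0.7 GET http://www.av3.net/index.htm",  # constructed
             "1150264805 10.0.0.9 GET http://mail.yahoo.com/"]
```
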

References:

http://www.symantec.com/avcenter/venc/data/js.yamanner@m.html
http://www.isc.sans.org/diary.php?storyid=1399
http://isc.incidents.org/diary.php?storyid=1398&isc=f8e12339a3b7e7486330ee7aecd3f4fb
http://www.f-secure.com/v-descs/yamanner_a.shtml
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS%5FYAMANNER%2EA
http://vil.nai.com/vil/content/v_139913.htm
http://www.securityfocus.com/brief/229
http://blog.washingtonpost.com/securityfix/2006/06/yahoo_webmail_worm_on_the_loos.html
http://news.zdnet.com/2100-1009_22-6082934.html
http://www.theregister.co.uk/2006/06/12/javscript_worm_targets_yahoo/

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information

Email: info@cert-in.org.in
Phone: +91-11-24368572

Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003