Worm Targets Yahoo Mail Users

By Ed Oswald, BetaNews

June 13, 2006, 12:21 PM

A worm that is exploiting a flaw within Yahoo Mail is currently making its way through the service, security firm Symantec warned on Monday. However, Yahoo has since offered a patch for the flaw, which it says affected only a vulnerability of its customers.

Called "Yamanner," the worm took advantage of a JavaScript issue within the client that affects all versions except for the current beta. It arrives hidden in an e-mail titled "New Graphic Site" that, when opened, launches the worm.

From there, the worm sends itself to everyone on the user's Yahoo contact list and sends those e-mail addresses to a remote server. In its advisory, Symantec said it believed the harvested addresses would later be used for spam.

Yahoo said in a statement that the issue had been repaired and the update automatically sent to all customers. Still, both Yahoo and Symantec said it would be a good idea to ensure that virus definition files are up to date.

According to Symantec research, the remote server that the worm calls was hit approximately 100,000 times, giving an idea of the extent of the infection. The firm gave the worm a rating of "2" out of a five-level numerical rating system.

Symantec said it was too early to judge whether or not the attackers would attempt to alter the worm so it could infect other Web-based e-mail systems.


By CAVU

edited Jun 15, 2006 - 1:26 AM

"Worm Targets Yahoo Mail Users"? No loss.

Score: 0

By kbsoftware

posted Jun 13, 2006 - 5:42 PM

I use gmail as my main pop3 account, can't beat the what is at now 2.7gb of store.
I then use spammotel.com to test out sites I'm not sure about and for the rest pookmail.com

Score: 0

By zee7

posted Jun 13, 2006 - 3:17 PM

To protect yourself from this and similar exploits that may crop up in the future, you should try using Firefox with the NoScript extension:

https://addons.mozilla.org/firefox/722/

That extension alone is worth getting people to switch browsers. I also recommend changing the default Yahoo email settings under Mail Options, Spam Protection, make sure you check:

"Block all images until I've had a chance to look it over."

And under General Preferences-->Messages-->Security
make sure you check:
"Block HTML graphics in email messages from being downloaded".

Score: 0

By patrykstencel

posted Jun 14, 2006 - 10:20 AM

You can disable JavaScript in IE. You can even do it by site where sites on your trusted list still use JS. All this without the need for 3rd party ext. :)

Score: 0

By denverave

edited Jun 13, 2006 - 2:48 PM

I was wondering what was going on with all the spam. I have an up-to-date virus program and it did not help. I wonder if this will happen any time soon again. I think Symantec sucks!

Score: 0

By zxocuteboy

posted Jun 13, 2006 - 2:18 PM

Nothing safe anymore!

Score: 0

By rijp

posted Jun 13, 2006 - 1:30 PM

*. . security firm Symantec warned on Monday*.

Yeah, like Symantec is a good source for virus info...

Score: 0

By zee7

edited Jun 13, 2006 - 5:07 PM

This article is pretty light on the details so here's some more info from The Register:

"The JS-Yamanner worm spreads when a Windows user accesses Yahoo! Mail to open an email sent by the worm. The attack works because of a vulnerability in Yahoo! Mail that enables scripts embedded within HTML emails to be run within a user’s browser instead of being blocked.

Once executed, the worm forwards itself to an infected user's contacts on Yahoo! Mail. It also harvests these addresses and sends them to a remote internet server. Only contacts with an email address of either @yahoo.com or @yahoogroups.com are hit by this behaviour.

Infected emails commonly have the subject line "New Graphic Site" and are spoofed so as to appear from "av3@yahoo.com". Users who open infected emails will be redirected to a webpage at w**.av3.net/index.htm.

Symantec Security Response senior manager Kevin Hogan said: "Unlike its predecessors, which would require the user to open an attachment in order to launch and propagate, JS-Yamanner makes use of a security hole in the Yahoo! web mail program in order to spread to other Yahoo! users. Yahoo! is a popular email tool, and although normally closed to such threats, the exploitation of this vulnerability provides access to a significant number of internet users."

Linked article from The Register:
http://www.theregister.c...argets_yahoo/print.html

Score: 0
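
The Register excerpt quoted in the comment above attributes the worm to scripts embedded in HTML e-mail being run in the browser instead of blocked. As an added example (not from the article, its commenters, Yahoo or Symantec), here is an allowlist sanitizer for HTML mail bodies in Python; the tag and attribute policy, the function names and the sample message are assumptions constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed policy for this example: tag -> attributes allowed to survive.
ALLOWED = {"a": {"href"}, "b": set(), "img": {"src", "alt"}, "p": set()}
DROP_WITH_CONTENT = {"script", "style", "iframe", "object"}
SAFE_SCHEMES = {"http", "https", "mailto"}

def clean_url(value):
    # Browsers strip tabs and newlines from URLs, so judge the scheme without them.
    url = "".join(ch for ch in value if ch > " ")
    scheme, sep, _ = url.partition(":")
    return url if sep and scheme.lower() in SAFE_SCHEMES else None

class MailSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
        if self.skip or tag not in ALLOWED:
            return
        kept = ""
        for name, value in attrs:
            if name in ALLOWED[tag]:  # onload=, onmouseover=, style= ... are dropped
                value = clean_url(value or "") if name in ("href", "src") else value or ""
                if value is not None:
                    kept += f' {name}="{escape(value)}"'
        self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED and tag != "img":  # img is a void element
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

def sanitize(html_body):
    parser = MailSanitizer()
    parser.feed(html_body)
    parser.close()
    return "".join(parser.out)

# Constructed sample body, not the worm's actual markup.
SAMPLE = ('<p onmouseover="x()">Hi <b>there</b></p><script>x()</script>'
          '<img src="http://example.test/a.png" onload="x()"><a href="java&#9;script:x()">site</a>')
```

Because attribute values are decoded before the scheme check, an entity-encoded scheme is judged in the form the browser would see.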

By rijp

posted Jun 13, 2006 - 2:19 PM

*This article is pretty light on the details*

I have found this to be true on MOST articles on Betanews, which is why we seem to have so much in the way of conflicting info. People won't take the time to research on their own, and they take the Betanews version as gospel. It has THEIR slant, and not necessarily ALL the info, as you have seen.

Score: 0

By Bobbitchin

edited Jun 13, 2006 - 12:46 PM

Web-based e-mail systems are for losers anyway.
Whatever happened to just using good old POP?

Score: 0

By rijp

edited Jun 13, 2006 - 1:29 PM

Are you a goober or what? Our company doesn't even allow pop3. That's problem 1.

Problem 2, when you use POP3, your mail STAYS on that machine where you retrieve it from.

Webmail, you can have access to your webmail anywhere in the world, from any computer. NO software is required, just a browser. I can even get my yahoo mail on my phone.

So, don't be stupid. webmail is MUCH more friendly than installing a client and only access to your email on 1 machine.

YOU are a loser. Obviously you are locked in a cage and haven't caught on to technology yet. Or maybe you are still in jail?

Score: 0

By dougdude

posted Jun 13, 2006 - 2:12 PM

Most POP3 mail programs allow you to keep the mail on the server instead of deleting it off the server once it is downloaded, so you get to read all your POP3 mail on your desktop but are still able to access it through webmail.

Score: 0

By rijp

posted Jun 13, 2006 - 2:17 PM

I knew someone was going to mention this, however, that is an option and it depends on the SERVER. Not all POP3 emails allow you to retain data on the server, once you retrieve it, it's gone.

And most people using Outlook and/or Eudora or whatever client you choose, won't KNOW that POP3 retention is available, I didn't want to bring this little fact up, because it requires a lot more work on the client side, not to mention remembering to set this option on EACH machine.

Can we just agree, webmail is just easier and using a client for POP3 isn't as lame as he claims?

My point is still valid, mail STAYS on that machine, whether you can retrieve it from another location or not. EACH machine from then on keeps a copy of your email, and also sent items, you can't keep a history.. POP3 is just a mess. Webmail is the way to go, if you can do it. A client just just be limited to corporate email.

Score: 0

By Intrusive_Rogue

posted Jun 13, 2006 - 3:27 PM

Not to mention that most POP3 accounts still have very restrictive storage amounts. Most have gotten over the 10mb hurdle, but not much more than 100mb.

Try leaving all your mail with all the silly pictures that everyone sends to you on a 100mb e-mail account once!

Score: 0

By hesh

posted Jun 13, 2006 - 1:56 PM

My company prevents the use of pop3 AND webmail. They don't want people accessing webmail and getting a virus and infecting the network.

Score: 0

By rijp

posted Jun 13, 2006 - 2:13 PM

Wow talk about tough practices..

so how are you supposed to get your email? VPN?

Score: 0

By Intrusive_Rogue

edited Jun 13, 2006 - 1:24 PM

Ya, I like using a VAX system for e-mail WAY better than any modern e-mail system.

Exchange what?

Score: 0

By zee7

posted Jun 13, 2006 - 1:11 PM

Let me guess, you never travel, right?

Score: 0

By gawd21

posted Jun 13, 2006 - 12:58 PM

No, that isn't 100% correct. I use yahoo, for spam. You know, those sites you have to sign up for that require an email address and when setting up domains. That is all I use it for.

Score: 0

By rijp

posted Jun 13, 2006 - 1:26 PM

Funny, that's what my gmail account is for, because no matter how many times you press "spam" it never goes away.

Yahoo, I hardly get spam. Then I am a FULL registered user, with 2 gig mailbox, and unlimited spam, but I don't get much spam, I get some, but not NEAR the amount from Gmail, and no one knows my gmail account.. I rarely use it.

I use my Yahoo account for purchases and such, but I don't have ANY problems. I have had it since '91.

Score: 0

By daze

posted Jun 13, 2006 - 3:18 PM

you've had your yahoo acct since before yahoo.com was created? you're awesome!

Score: 0

By rijp

edited Jun 13, 2006 - 4:50 PM

My bad. '95. There are you happy?

Score: 0

By debonair

posted Jun 14, 2006 - 2:51 PM

yahoo mail didn't come out when yahoo was started. it didn't come out until 1997 (?)

http://en.wikipedia.org/wiki/Yahoo!_Mail

Score: 0

By zee7

posted Jun 13, 2006 - 1:09 PM

If all you're using it for is SPAM bait, then you might want to try mailinator. It's much more efficient than Yahoo Mail for that.

www.mailinator.com

Score: 0