NEWS FROM THE LAB - Tuesday, June 13, 2006

Yamanner - JavaScript worm that targets Yahoo! Mail Posted by Katrin @ 10:13 GMT

Yahoo! Mail

There has been some media attention on the new JavaScript worm Yamanner that targets Yahoo! webmail and groups.

The Yamanner worm does not send itself as an attachment, it resides inside the e-mail body. The worm activates automatically by just opening an infected e-mail message with Internet Explorer. It uses a 0-day vulnerability in Yahoo! webmail system.

The infected e-mail sent to Yahoo! users look as follows:

Subject: New Graphic Site
Body: Note: forwarded message attached.

This type of worm is not a surprise - it has been theorized since at least 2001. Yamanner is however the first worm to be realized in the wild.

yahoo new graphic site