1. /
  2. Security Response/
  3. JS.Yamanner@m

JS.Yamanner@m

Risk Level 2: Low

Discovered:
June 12, 2006
Updated:
June 12, 2006 12:51:44 PM
Also Known As:
JS/Yamanner@MM [McAfee], JS_YAMANER.A [Trend], Yamanner.A [F-Secure], JS/Yamann-A [Sophos], Yamanner.A [Computer Associates]
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
JS.Yamanner@m is a worm that is written in JavaScript. It exploits a vulnerability in the Yahoo email service to send a copy of itself to the user's Yahoo email contacts.

The worm cannot run on the newest version of Yahoo Mail Beta.

The worm arrives on the compromised computer as an HTML email containing Javascript. The email may have the following characteristics:
From: Varies
Subject: New Graphic Site
Message body: Note: forwarded message attached.

It exploits a vulnerability in the Yahoo email service to run a script and send a copy of itself to certain email addresses gathered from the Yahoo email folders.

The worm targets email addresses from the @yahoo.com and @yahoogroups.com domains.

The worm may also contact the following URL:
http://www.av3.net/index.htm

It sends a list of email addresses gathered to the above URL.
Summary| Technical Details

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver