-----------------------------------

hbgator

Tue 13 Jun, 2006


Yahoo, world's most popular e-mail, hit by worm

-----------------------------------

Yahoo Inc.<b style="color:#FFA34F"></b> <b style="color:#FFA34F"></b> the world's largest provider of e-mail services,<b style="color:#FFA34F"></b> said on Monday that a software virus aimed at Yahoo Mail users had infected <b style="color:#FFA34F"></b>"a very small fraction"<b style="color:#FFA34F"></b> of its base of more than 200 million accounts.<b style="color:#FFA34F"></b> <b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b> <b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
The e-mail virus,<b style="color:#FFA34F"></b> or worm,<b style="color:#FFA34F"></b> has been dubbed Yamanner and landed in Yahoo mailboxes bearing the headline <b style="color:#FFA34F"></b>"New Graphic Site.<b style="color:#FFA34F"></b>"<b style="color:#FFA34F"></b> Once opened,<b style="color:#FFA34F"></b> the message infects the computer and spreads to other users listed in Yahoo users'<b style="color:#FFA34F"></b> e-mail address books,<b style="color:#FFA34F"></b> security experts said.<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
The e-mail containing the virus need only be opened <b style="color:#FFA34F"></b>-<b style="color:#FFA34F"></b>-<b style="color:#FFA34F"></b> in contrast to most worms that are hidden in attachments and require users to take an additional step <b style="color:#FFA34F"></b>-<b style="color:#FFA34F"></b>-<b style="color:#FFA34F"></b> to release the virus,<b style="color:#FFA34F"></b> according to computer security site Symantec Corp.<b style="color:#FFA34F"></b>.<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
The Sunnyvale,<b style="color:#FFA34F"></b> California-based company advised users to update virus and firewall software on their computers and to block any e-mail sent from the address <b style="color:#FFA34F"></b>"av3@yahoo.com.<b style="color:#FFA34F"></b>"<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>"We have taken steps to resolve the issue and protect our users from further attacks of this worm,<b style="color:#FFA34F"></b>"<b style="color:#FFA34F"></b> Yahoo spokeswoman Kelley Podboy said in a statement.<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>"When we learn of e-mail abuse,<b style="color:#FFA34F"></b> such as a worm or other online threat,<b style="color:#FFA34F"></b> we take appropriate action,<b style="color:#FFA34F"></b>"<b style="color:#FFA34F"></b> she said.<b style="color:#FFA34F"></b> <b style="color:#FFA34F"></b>"<b style="color:#FFA34F"></b>(A)<b style="color:#FFA34F"></b> solution has been automatically distributed to all Yahoo Mail customers,<b style="color:#FFA34F"></b> and requires no additional action on the part of the user.<b style="color:#FFA34F"></b>"<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
Yamanner,<b style="color:#FFA34F"></b> first detected by Yahoo and major computer anti-virus software makers earlier on Monday,<b style="color:#FFA34F"></b> was ranked as having a low threat level by Trend Micro Inc.<b style="color:#FFA34F"></b> and McAfee Inc.<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
But Symantec considers the worm an <b style="color:#FFA34F"></b>"elevated threat,<b style="color:#FFA34F"></b>"<b style="color:#FFA34F"></b> one step up from the lowest ranking in terms of relative danger.<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
Symantec's Security Response site suggested Yahoo Mail users might protect themselves by upgrading to the latest test version of the recently upgraded Yahoo Mail software.<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>"The worm cannot run on the newest version of Yahoo Mail Beta,<b style="color:#FFA34F"></b>"<b style="color:#FFA34F"></b> Symantec's site said.<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
A Yahoo spokesman was not immediately available to comment on whether the company advised users to do this.<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
The worm exploits a vulnerability in Javascript technology used to make the mail program easier to use by triggering embedded HTML scripts to run in the computer user's browser.<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
The e-mail addresses are also sent to a remote online computer server,<b style="color:#FFA34F"></b> which may be used to run spam campaigns,<b style="color:#FFA34F"></b> experts said.<b style="color:#FFA34F"></b> The technical name of the worm goes by variants of <b style="color:#FFA34F"></b>"JS.Yamanner.<b style="color:#FFA34F"></b>"<b style="color:#FFA34F"></b>