http://securityresponse.symantec.com/avcen...yamanner@m.html
QUOTE
JS.Yamanner@m is a worm that is written in JavaScript. It exploits a vulnerability in the Yahoo email service to send a copy of itself to the user's Yahoo email contacts.
Notes:
* The worm cannot run on the newest version of Yahoo Mail Beta.
* Rapid Release Definitions with sequence number of 55078 or greater are required to detect this threat.
Also Known As: JS/Yamanner@MM [McAfee], JS_YAMANER.A [Trend Micro]
Type: Worm
Infection Length: 6,377 bytes.
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
June 12, 2006
threat assessment
Wild
* Number of infections: 0 - 49
* Number of sites: 0 - 2
* Geographical distribution: Low
* Threat containment: Easy
* Removal: Easy
Damage
* Payload Trigger: n/a
* Payload: n/a
o Large scale e-mailing: Sends a copy of itself to the user's Yahoo email contacts.
o Deletes files: n/a
o Modifies files: n/a
o Degrades performance: n/a
o Causes system instability: n/a
o Releases confidential info: n/a
o Compromises security settings: n/a
Distribution
* Subject of email: New Graphic Site
* Name of attachment: n/a
* Size of attachment: n/a
* Time stamp of attachment: n/a
* Ports: n/a
* Shared drives: n/a
* Target of infection: n/a
technical details
JS.Yamanner@m performs the following actions:
1. Arrives on the compromised computer as an HTML email containing Javascript. The email may have the following characteristics:
From: Varies
Subject: New Graphic Site
Message body: Note: forwarded message attached.
2. Once the email is opened the worm exploits a vulnerability in the Yahoo email service to run a script.
3. Sends a copy of itself to certain email addresses gathered from the Yahoo email folders.
4. Targets email addresses from the @yahoo.com and @yahoogroups.com domains.
5. Contacts the following URL:
[http://]www.av3.net/index.htm
6. Sends a list of email addresses gathered to the above URL.
Notes:
* The worm cannot run on the newest version of Yahoo Mail Beta.
* Rapid Release Definitions with sequence number of 55078 or greater are required to detect this threat.
Also Known As: JS/Yamanner@MM [McAfee], JS_YAMANER.A [Trend Micro]
Type: Worm
Infection Length: 6,377 bytes.
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
June 12, 2006
threat assessment
Wild
* Number of infections: 0 - 49
* Number of sites: 0 - 2
* Geographical distribution: Low
* Threat containment: Easy
* Removal: Easy
Damage
* Payload Trigger: n/a
* Payload: n/a
o Large scale e-mailing: Sends a copy of itself to the user's Yahoo email contacts.
o Deletes files: n/a
o Modifies files: n/a
o Degrades performance: n/a
o Causes system instability: n/a
o Releases confidential info: n/a
o Compromises security settings: n/a
Distribution
* Subject of email: New Graphic Site
* Name of attachment: n/a
* Size of attachment: n/a
* Time stamp of attachment: n/a
* Ports: n/a
* Shared drives: n/a
* Target of infection: n/a
technical details
JS.Yamanner@m performs the following actions:
1. Arrives on the compromised computer as an HTML email containing Javascript. The email may have the following characteristics:
From: Varies
Subject: New Graphic Site
Message body: Note: forwarded message attached.
2. Once the email is opened the worm exploits a vulnerability in the Yahoo email service to run a script.
3. Sends a copy of itself to certain email addresses gathered from the Yahoo email folders.
4. Targets email addresses from the @yahoo.com and @yahoogroups.com domains.
5. Contacts the following URL:
[http://]www.av3.net/index.htm
6. Sends a list of email addresses gathered to the above URL.