A new worm is infecting the worlds largest free Yahoo Email users worldwide. The Yamanner worm or more technically the JS.Yamanner@m arrives on the compromised computer as a Yahoo! HTML email containing JavaScript. If the email is opened within Yahoo! Mail, it exploits a vulnerability in the Yahoo! Mail service and executes a script.
A Symantec Virus Threat Advisory says
The worm – JS.Yamanner@m – spreads itself to the user’s Yahoo! e-mail contacts when the user opens an e-mail infected by the worm. In addition, JS.Yamanner also sends these e-mail addresses to a remote server on the Internet. Only those using contacts with an e-mail address that is @yahoo.com or @yahoogroups.com are impacted by this worm.
JS.Yamanner exploits a vulnerability that enables scripts embedded in HTML e-mails to be run by the user’s browser. These scripts are normally blocked by Yahoo! Mail for security reasons.
The new Yahoo Mail Beta users are not affected. The Yamaner worm infected email usually has a subject line of “New Graphic Site” and if you open the infected email, the window redirects the Web browser from Yahoo! Mail to the following Web site www.av3.net/index.htm and sends the list of gathered email addresses to the above URL. Read more details more about the Yamanner Worm, its damage level and how to remove the virus. Always keep your antivirus software updated. Incidently all email attachments in Yahoo mail are virus protected by Norton Antivirus 2006 by Symantec. I am sure Yahoo mail would have fixed the vulnerability which this worm exploits by now!