14 DAY TRIAL // The recently discovered worm is Yamanner and it exploits a JavaScript vulnerability to infect all versions of Yahoo-based mail, with the exception of Yahoo! Mail Beta.
Early Monday morning Symantec sent a warning to its DeepSight Threat Management System clients concerning Yamanner, assigning it a 'level two' threat in a rating system that peaks at level five.
"The worm is taking a pretty novel approach," said Dean Turner, senior manager of Symantec Security Response. "It takes advantage of a JavaScript vulnerability, so the user doesn't even have to click on an attachment to get infected. Antivirus definitions have been released for it, and Yahoo is working on a patch, so we don't want to cry wolf. Although there is the potential the worm will affect a larger number of people, for now to raise it to another (higher) level would be inappropriate."
Any e- mail in the Yahoo! Mailbox bearing the subject "New Graphic Site" is a Yamanner carrier. On opening such a message the computer will become infected, allowing the worm to multiply and spread itself with similar massages to all the addresses on the Yahoo! email contact list.
Yamanner will also send all information gathered concerning the email addresses to a remote online server, which Symantec's representatives suspect may use the information for spam campaigns.
"We have taken steps to resolve the issue and protect our users from further attacks of this worm. The solution has been automatically distributed to all Yahoo Mail customers, and requires no additional action on the part of the user," a Yahoo representative said.