Worm wrigglers have apparently targeted Yahoo’s popular Web mail service with a new virus that aims to spread via a user’s Yahoo Mail address book. But so far, its impact has been zilch.
The worm is known as YAMANER and is written in JavaScript Security firm Symantec noted in a published advisory that the Yamaner worm exploits an apparent vulnerability in the Yahoo e-mail service to send a copy of itself to the user’s Yahoo e-mail contacts. Security firm Trend Micro’s analysis of the Yamaner worm said the worm spreads via e-mail and has a random ‘From’ address. The subject message is typically “New Graphic Site” and the message body is chosen from a random list of content. Once launched against the user’s system, the worm specifically targets user address book addresses within the @yahoo.com and @yahoogroups.com domains. It also connects to a URL where it then attempts to send a list of the various e-mail addresses it harvested from the infected user’s address book. Although the Yamaner worm could potentially have become widespread thanks to its payload effort to spread via users’ address books, so far it’s been a bust, according to most security firms. The Yamaner worm is doing little to no damage in the wild. Trend Micro is actually reporting zero computers infected by the virus since it was first noticed yesterday. Symantec reports the number of cases at between 0 and 49 and Sophos ranks the prevalence of the worm as low. The Yamaner worm apparently also never affected the Yahoo! Mail Beta which offers an AJAX enhanced interface to the online Web mail client. According to the Yahoo! Mail homepage, mail services are protected by Norton AntiVirus 2006, Norton is of course a Symantec brand. All the major antivirus vendors (including Symantec) have updated their antivirus definition to protect against the threat as well.