Loading ...
Sorry, an error occurred while loading the content.

Yahoo

Expand Messages
  • Paula
    Good morning, I wanted to let you know that yahoo email and yahoo groups has a worm going around that is infecting computers. It isn t bothering the Rich-Text
    Message 1 of 2 , Jun 13, 2006
    • 0 Attachment
      Good morning,

      I wanted to let you know that yahoo email and yahoo groups has a
      worm going around that is infecting computers. It isn't bothering
      the Rich-Text Beta mail. I own a Hungarian genealogy group and
      belong to an Ohio genealogy group and we have both been hit numerous
      times with this.
      If you get an email that the subject line is 'new graphic site',
      delete it. I'm pasting an article from Symantec below.
      I don't know if my computer is infected or not, that's why I'm
      sending this. I've done scans with Norton and zone alarm both and
      nothing has shown up. Just beware.

      Paula Knebler

      You don't have to open the attachment to get the worm. Merely
      VIEWING the email will infect you. Here's an article on it:

      Symantec has reported that an un-patched vulnerability of Yahoo Mail
      could be the source for spreading a highly infectious and "silent"
      JavaScript worm. The dangerous thing about it is that it can infect
      machines without users having to click on a suspect attachment, they
      just have to open the rogue message to get their PCs conquered by
      the worm.

      Symantec has reported that the worm's name is JS.Yamanner@m and it
      only affects users who have an e-mail address ending in @...
      or @yahoogroups.com. It seems that users with Yahoo! Mail Beta are
      not to be concerned about the threat. Nevertheless, the worm is to
      be taken seriously because the infection method is very effective
      and silent: when the user opens an e-mail infected by the worm,
      JS.Yamanner takes control by exploiting a vulnerability which
      enables scripts embedded in HTML e-mails to be run by the user's
      browser. It then sends the e-mail addresses he finds to a remote
      server on the Internet.

      There are potentially 100 million victims of the worm, since there
      are about 100 million users of Yahoo e-mail. Still, the malicious
      scripts are being blocked by Yahoo! Mail for security reasons, and
      this is the reason for which Symantec has categorized JS.Yamanner as
      a relatively low Level 2 threat (on a scale of 1 to 5, with 5 being
      most severe).

      Additionally, if users mistakenly open an infected e-mail, they will
      also see that their browser window is re-directed to display the Web
      page associated with the URL: http://www.av3.net/index.htm.

      "This worm is a twist on the traditional mass-mailing worms that we
      have seen in recent years," said Dave Cole, director at Symantec
      Security Response. "Unlike its predecessors, which would require the
      user to open an attachment in order to launch and propagate,
      JS.Yamanner makes use of a previously-unknown security hole in the
      Yahoo! Web mail program in order to spread to other Yahoo! users and
      harvests user information for possible future attacks."

      Symantec's advice for Yahoo users is to keep their antivirus and
      firewall definitions up-to-date and to block any messages coming
      from av3[at]yahoo.com, since there is no patch to the vulnerability
      yet. Further details are to be found at :
      http://securityresponse.symantec.com/.

      Symantec also reported a few weeks ago that they've discovered a
      zero-day exploit in the popular text editor Word, which affects
      editions 2000, 2003 and XP. The exploit allows the hacker to take
      control over a machine by introducing through that vulnerability a
      trojan called Backdoor.Ginwui. The trojan is very dangerous since it
      can pass through various spam filters and since Symantec recognized
      that its main product, "Norton Anti-Virus", is not as capable of
      detecting specific malicious Word files.

      A possible way of infection include the opening of an infected Word
      attachment of an e-mail. This is why Symantec recommends high
      precaution concerning mail attachments and, since the attackers
      pinpoint towards large companies, Symantec also recommends a
      limitation of user-privileges when dealing with corporate e-mails.

      Microsoft's response was that they will be releasing a fix for this
      vulnerability not sooner than 13th of June 2006.

      But very recently, even Symantec itself, which protects large
      corporate and even governmental data, was put in a quite embarrasing
      situation, when Mike Puterbaugh, vice president of marketing for
      eEye Digital Security announced a critical vulnerability into
      Symantec's flagship product, naming it "everything required for a
      worm".

      The flaw is said to have affected users of Symantec AntiVirus
      Corporate Edition 10.0 and Symantec Client Security 3. According to
      eEye the vulnerability can "compromise affected systems, allowing
      for the execution of malicious code with system level access."
      Although usual infections with viruses require a naïve user, who
      clicks on something suspicious, eEye says this time the flaw doesn't
      need user's interaction.
    Your message has been successfully submitted and would be delivered to recipients shortly.