- Good morning,
I wanted to let you know that Yahoo email and Yahoo Groups have a
worm going around that is infecting computers. It isn't bothering
the Rich-Text Beta mail. I own a Hungarian genealogy group and
belong to an Ohio genealogy group and we have both been hit numerous
times with this.
If you get an email with the subject line 'new graphic site',
delete it. I'm pasting an article from Symantec below.
I don't know if my computer is infected or not, that's why I'm
sending this. I've done scans with Norton and ZoneAlarm both and
nothing has shown up. Just beware.
You don't have to open the attachment to get the worm. Merely
VIEWING the email will infect you. Here's an article on it:
Symantec has reported that an un-patched vulnerability of Yahoo Mail
could be the source for spreading a highly infectious and "silent"
machines without users having to click on a suspect attachment, they
just have to open the rogue message to get their PCs conquered by
Symantec has reported that the worm's name is JS.Yamanner@m and it
only affects users who have an e-mail address ending in @...
or @yahoogroups.com. It seems that users with Yahoo! Mail Beta are
not to be concerned about the threat. Nevertheless, the worm is to
be taken seriously because the infection method is very effective
and silent: when the user opens an e-mail infected by the worm,
JS.Yamanner takes control by exploiting a vulnerability which
enables scripts embedded in HTML e-mails to be run by the user's
browser. It then sends the e-mail addresses he finds to a remote
server on the Internet.
There are potentially 100 million victims of the worm, since there
are about 100 million users of Yahoo e-mail. Still, the malicious
scripts are being blocked by Yahoo! Mail for security reasons, and
this is the reason for which Symantec has categorized JS.Yamanner as
a relatively low Level 2 threat (on a scale of 1 to 5, with 5 being
Additionally, if users mistakenly open an infected e-mail, they will
also see that their browser window is re-directed to display the Web
page associated with the URL: http://www.av3.net/index.htm.
"This worm is a twist on the traditional mass-mailing worms that we
have seen in recent years," said Dave Cole, director at Symantec
Security Response. "Unlike its predecessors, which would require the
user to open an attachment in order to launch and propagate,
JS.Yamanner makes use of a previously-unknown security hole in the
Yahoo! Web mail program in order to spread to other Yahoo! users and
harvests user information for possible future attacks."
Symantec's advice for Yahoo users is to keep their antivirus and
firewall definitions up-to-date and to block any messages coming
from av3[at]yahoo.com, since there is no patch to the vulnerability
yet. Further details are to be found at :
Symantec also reported a few weeks ago that they've discovered a
zero-day exploit in the popular text editor Word, which affects
editions 2000, 2003 and XP. The exploit allows the hacker to take
control over a machine by introducing through that vulnerability a
trojan called Backdoor.Ginwui. The trojan is very dangerous since it
can pass through various spam filters and since Symantec recognized
that its main product, "Norton Anti-Virus", is not as capable of
detecting specific malicious Word files.
A possible way of infection includes the opening of an infected Word
attachment of an e-mail. This is why Symantec recommends high
precaution concerning mail attachments and, since the attackers
pinpoint towards large companies, Symantec also recommends a
limitation of user-privileges when dealing with corporate e-mails.
Microsoft's response was that they will be releasing a fix for this
vulnerability not sooner than 13th of June 2006.
But very recently, even Symantec itself, which protects large
corporate and even governmental data, was put in a quite embarrassing
situation, when Mike Puterbaugh, vice president of marketing for
eEye Digital Security announced a critical vulnerability in
Symantec's flagship product, naming it "everything required for a
The flaw is said to have affected users of Symantec AntiVirus
Corporate Edition 10.0 and Symantec Client Security 3. According to
eEye the vulnerability can "compromise affected systems, allowing
for the execution of malicious code with system level access."
Although usual infections with viruses require a naïve user, who
clicks on something suspicious, eEye says this time the flaw doesn't
need the user's interaction.