Yamanner
The Yamanner worm is a computer worm written in JavaScript that targeted a vulnerability in the Yahoo! Mail service. Released on June 12, 2006, the worm spread through the Yahoo! system, infecting the systems of those who opened the e-mails and sending the user's address book to a remote server.[1][2][3]
The worm exploited a vulnerability in Yahoo! Mail that enabled scripts embedded within HTML emails to be run within a user's browser instead of being blocked. Once executed, the worm forwarded itself to an infected user's contacts on Yahoo! Mail and harvested these addresses, sending them to a remote internet server. Only contacts with an email address of either at the rate yahoo.com or at the rate yahoogroups.com were targeted.[3]
Infected emails commonly had the subject line "New Graphic Site" and were spoofed to appear from "av3 at the rate yahoo.com". Users who opened infected emails were redirected to a webpage at www.av3.net/index.htm.[1]
At the time, there was no patch available for the vulnerability exploited by the Yamanner worm. Users were recommended to update virus definitions, firewall signatures, and block emails sent from av3 at the rate yahoo.com as a precaution.[1]
The impact of the Yamanner worm appeared to be low, with security vendor Symantec stating that it was making the rounds but had not caused significant damage. However, the worm highlighted the potential for widespread infection through vulnerabilities in popular email services like Yahoo! Mail.[3]
References
[edit]- ^ a b c "Worm hits Yahoo! Mail users". Al Jazeera. Retrieved 2024-08-05.
- ^ "Yahoo Mail Worm Harvesting Addresses | InformationWeek". www.informationweek.com. Retrieved 2024-08-05.
- ^ a b c "Yahoo e-mail under worm attack". InfoWorld. Retrieved 2024-08-05.