Worm Attacks Yahoo! Mail

Early Monday, June 12, 2006, it was discovered that the most popular Web based e-mail of Yahoo! was being exploited. The threat is a mass mailing worm that uses a vulnerability within JavaScript to allow itself into unsuspecting PCs. J.S.Yomanner@m is the name given to it by the Symantec corporation, and I could think of a few myself, but my professionalism restrains me.

The impact and threat level of Yomanner doesn’t appear too discerning with experts believing that the worm will be contained with minimal damage. When you talk about the sheer numbers of Yahoo! mail users, coupled with the fact that Yahoo! doesn’t have a fix yet, helped me to decide that it may be a good idea to go over some things and get you all informed.

The worm, of course, procreates by the use of e-mail. This is done just like every other type of worm. However, worms are traditionally embedded and are hiding in some attachment, but the Yomanner does not do that. This particular worm is in the e-mail itself. There is no attachment and all you have to do is open the e-mail and the worm will move in and start its agenda. The agenda is to multiply, which it does by immediately going into your Yahoo! Address Book and e-mailing itself to every contact in it. These e-mails have a subject line of “New Graphics Site.” In addition to this, another copy of the address book is sent off some anonymous online server, which could be used for other insidious activities.

So, how do you get rid of it? Well, considering that Yahoo! doesn’t have a fix for it, your best bet is preventative measures. I don’t mean to sound like a broken record every week reminding you guys to make sure all your security based software (firewall, antivirus, etc.) is up-to-date, but it’s just that important!

Immediately after you get done reading this newsletter, you should put the address av3@yahoo.com into your Blocked Addresses List. This is easy and only takes a few seconds.

1. Open up and log into your Yahoo! e-mail account.
2. Go over the far right of the main interface and select Options.
3. From within the Options page, choose the option to Block Addresses.

4. This will take you to another page where you will see a blank field right under the heading “Block Addresses.” Simply type the e-mail address of any undesirable e-mail. In this case, we’ll use av3@yahoo.com. Select the button “Block It,” which will add it to the list and Yahoo! will block it.

There is also talk that the Yahoo! Mail Beta service is not susceptible to this exploit, but you have to put your name on a list and wait for what could be a couple of weeks before your name comes up.

So, remember: Stay up-to-date on all security software and within your operating system. Highly scrutinize your e-mail and block the e-mail address (av3@yahoo.com) in you Yahoo! account. If you do all of this, you should be fine. Until next week, stay safe out there.

~ Chad Stelnicki