Be aware, a new Worm is circulating via the internet using the Yahoo email service. The payload of the worm does not appear to be malicious to your computer, however it spreads by sending itself to all contacts listed in your Yahoo email contacts. The worm also sends your email address and those in your contact list to a remote website that is harvesting email addresses to send SPAM to.
This worm takes advantage of an unpatched/unfixed problem in the Yahoo mail service, except the new Yahoo Mail Beta. This is classified as a Zero Day exploit. A zero-day exploit is one that takes advantage of a security vulnerability on the same day that the vulnerability becomes generally known.
Symantec is detecting this worm as JS.Yamanner@m and is only detected and prevented by manually updating to the latest Virus DAT files. Note: Symantec releases automatic Virus DAT updates weekly on Wednesday.
If you receive an email with the structure of what is described below, simply delete it without opening it. This exploit will trigger simply by reading the email.
1. Arrives on the compromised computer as an HTML email containing Javascript. The email may have the following characteristics:
From: Varies
Subject: New Graphic Site
Message body: Note: forwarded message attached.
2. Once the email is opened the worm exploits a vulnerability in the Yahoo email service to run a script.
3. Sends a copy of itself to certain email addresses gathered from the Yahoo email folders.
4. Targets email addresses from the @yahoo.com and @yahoogroups.com domains.
5. Contacts an email harvesting website
6. Sends a list of email addresses gathered to the email harvesting website.