Yahoo Users Stumble Over Yamanner

Yahoo's (Nasdaq: YHOO) Web-based e-mail service is the latest target of a malicious attack. A new worm, dubbed Yamanner, has set out to collect addresses from a spam database, Symantec (Nasdaq: SYMC) warned Monday.

Yamanner exploits a vulnerability in Yahoo's Web-based e-mail program. It spreads itself to the user's Yahoo e-mail contacts when the user opens an e-mail infected by the worm -- opening a downloadable file is not required to execute this attack. Symantec rates the worm as a level 2 threat on a scale of 1 to 5, with 5 being the most severe.

Making matters worse, the worm also sends these e-mail addresses to a remote server on the Internet. The good news is only people with an e-mail address that is on yahoo.com or yahoogroups.com may be impacted by this worm.

Recognizing the Threat

The malicious message will have a "From" address of av3@yahoo.com and a "Subject" of "New Graphic Site." Yamanner won't execute on the newest Yahoo Mail Beta.

"Harvested addresses from the address book are then submitted to a remote URL, which is likely to be used for a spam database," Symantec said in its alert.

Since the worm arrives as an HTML message containing JavaScript, Symantec recommended Yahoo customers stop using the service or disable the browser's JavaScript capabilities before reading any Web mail.

"We have taken steps to resolve the issue and protect our users from further attacks of this worm," Yahoo spokesperson Kelley Podboy said.

"When we learn of e-mail abuse, such as a worm or other online threat, we take appropriate action," she said. "[A] solution has been automatically distributed to all Yahoo Mail customers, and requires no additional action on the part of the user."

A Notable Worm

Yamanner is a notable new threat, according to iDefense Senior Engineer Ken Dunham, because it is fairly easy to exploit. Users don't have to download a file or click on a link. Just opening the file causes infection.

"This worm has a larger scope that originally was thought. It may impact other Web e-mail services as well," Dunham told TechNewsWorld. "This worm required a lot of testing to successfully attack users of Web-based e-mail services. These attacks are getting more sophisticated."

Transparent Trouble

Indeed, Yamanner also marks a troubling trend among hacker tactics: keeping the installation of malicious code transparent. Today's hackers are able to readily conceal that malicious activity is taking place behind the scenes when you open e-mail or browse the Web.

"The problem is the end users may not realize their computer is affected. Who would have thought you could get a virus just browsing the Internet?" Dunham asked. "It violates the trust that people have for the basic use of the Internet and causes them to feel they are helpless to stop it."

Dunham said it's up to Yahoo and others to find a way to defend customers against these types of attacks. To Yahoo's credit, it appears the search giant has fixed the Yamanner issue, but analysts expect escalated attacks of all sorts in 2006 and beyond.