Virus:JS/Yamanner
Date discovered:13/06/2006
Type:Worm
In the wild:No
Reported Infections:Low
Distribution Potential:Medium
Damage Potential:Low to medium
Static file:No
File size:~6.300 Bytes
VDF version:6.35.00.19
IVDF version:6.35.00.25 - Wednesday, June 14, 2006

 General Method of propagation:
   • Email


Aliases:
   •  Symantec: JS.Yamanner@m
   •  Mcafee: JS/Yamanner@MM
   •  TrendMicro: JS_YAMANER.A


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003




   Description:

   This malicious script exploits a recently discovered vulnerability in the Yahoo! web-based email service in order to perform its routine.

   When an email containing this malware is opened, the malicious JavaScript will automatically send email messages to several random addresses contained in the user's contacts list.

   Afterwards, the collected email addresses are uploaded on a site contained in the body of the malware.

 Email To:
The recipients of the email are the following:
   • %collected email addresses%@yahoo.com
   • %collected email addresses%@yahoogroups.com


Subject:
The following:
   • New Graphic Site



Body:
The body of the email is one of the following:

   • This is test.
     Note: forwarded message attached.

   • Note: forwarded message attached.

 Backdoor Contact server:
The following:
   • http://www.av3.net/**********

As a result it may send some information.

Sends information about:
    • Collected Email addresses

Description inserted by Andrei Gherman on Tuesday, June 13, 2006
Description updated by Andrei Gherman on Tuesday, June 13, 2006

Back . . . .