Yamanner

The Yamanner worm is a computer worm written in JavaScript that targeted a vulnerability in the Yahoo! Mail service. Released on June 12, 2006, the worm spread through the Yahoo! system, infecting the systems of those who opened the e-mails and sending the user's address book to a remote server.[1][2][3]

The worm exploited a vulnerability in Yahoo! Mail that enabled scripts embedded within HTML emails to be run within a user's browser instead of being blocked. Once executed, the worm forwarded itself to an infected user's contacts on Yahoo! Mail and harvested these addresses, sending them to a remote internet server. Only contacts with an email address ending in either "yahoo.com" or "yahoogroups.com" were targeted.[3]

Infected emails commonly had the subject line "New Graphic Site" and were spoofed to appear from "av3 at the rate yahoo.com". Users who opened infected emails were redirected to a webpage at www.av3.net/index.htm.[1]

At the time, there was no patch available for the vulnerability exploited by the Yamanner worm. Users were recommended to update virus definitions, firewall signatures, and block emails sent from av3 at the rate yahoo.com as a precaution.[1]

The impact of the Yamanner worm appeared to be low, with security vendor Symantec stating that it was making the rounds but had not caused significant damage. However, the worm highlighted the potential for widespread infection through vulnerabilities in popular email services like Yahoo! Mail.[3]

References

  1. ^ a b c "Worm hits Yahoo! Mail users". Al Jazeera. Retrieved 2024-08-05.
  2. ^ "Yahoo Mail Worm Harvesting Addresses | InformationWeek". www.informationweek.com. Retrieved 2024-08-05.
  3. ^ a b c "Yahoo e-mail under worm attack". InfoWorld. Retrieved 2024-08-05.
Stub icon

This malware-related article is a stub. You can help Wikipedia by adding missing information.

Content Disclaimer

Informasi ini disarikan dari Wikipedia dan disajikan kembali untuk tujuan edukasi. Konten tersedia di bawah lisensi CC BY-SA 3.0. Kami tidak bertanggung jawab atas ketidakakuratan data yang bersumber dari kontribusi publik tersebut.

  1. The information displayed on this website is sourced in part or in whole from Wikipedia and has been adapted for the purpose of restating it. We strive to provide accurate and relevant information, however:
  2. There is no guarantee of absolute accuracy. Wikipedia is an open, collaborative project that can be edited by anyone, so information is subject to change.
  3. It is not intended to constitute professional advice. The content displayed is for informational and educational purposes only. For important decisions (e.g., medical, legal, or financial), please consult a professional.
  4. Content copyright. Wikipedia is licensed under the Creative Commons Attribution-ShareAlike License (CC BY-SA). This means that content may be reused with appropriate attribution and shared under a similar license.
  5. Responsible use. Any risk arising from the use of information from this website is entirely the responsibility of the user.