Home / malware Win32.Js.Yamanner.A@mm
First posted on 21 November 2011.
Source: BitDefenderAliases :
Win32.Js.Yamanner.A@mm is also known as Worm:JS/Yammaner.A@mm;, Email-Worm.JS.Yamanner.a;, JS/Yamanner@MM, virus;, Worm.Yamanner.a;, JS/Yamanner.A.2.
Explanation :
This is a script written in Javascript that arrives on the user's computer in an email that appears to be sent from av3@yahoo.com having the following subject: "New Graphic Site" and body "this is a test". When this email is opened the script tries to exploit a vulnerability found in Yahoo! Mail service. If this vulnerability is found, then the malware will gather all the contacts from the address book of the currently logged in user whose address belog to yahoo.com and yahoogroups.com domains. Then it will send itself by email to all these contacts with the subject and body mentioned above. Next the user will be redirected to hxxp://www.av3.[removed] and the contact list is uploaded to this site.
Last update 21 November 2011