TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
JS_YAMANNER.A
Overview
Solution

Malware type: JavaScript

Aliases: JS/Yamann-A (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 High

Distribution potential:

 High

Infection Channel 1 : Propagates via email

Description: 

To get a one-glance comprehensive view of the behavior of this malicious JavaScript, refer to the Behavior Diagram shown below.

JS_YAMANNER.A Behavior Diagram

Malware Overview

This malicious JavaScript arrives on a system as an embedded file in a Yahoo! email message. When a user opens the said email message, this malicious JavaScript automatically executes.

It takes advantage of a vulnerability found in Yahoo! Web-based email service in order to send copies of itself to an affected user's Yahoo! contacts. It gathers email addresses from Yahoo! email folders. The said action further spreads this malware.

It connects to the URL http://www.a{BLOCKED}et to send a list of email addresses it gathers. This routine exposes private information to possible attackers.

For additional information about this threat, see:
Solution
Technical Details

Description created: Jun. 12, 2006 3:29:26 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.