The Yamman worm targets Yahoo! mail users
Experts at SophosLabsâ„¢,
Sophos's global network of threat analysis centers, have issued
protection against a worm which targets users of Yahoo!
webmail.
The JS/Yamann-A
(also known as Yamanner) JavaScript worm attempts to exploit a
vulnerability to infect users of Yahoo!'s email and webgroup
services. Although the virus has stirred enormous media interest,
Sophos has received no reports of infections from any of its
customers.
Unlike many other worms which can travel via email, the Yamann-A
worm does not use email attachments, instead embedding itself as
malicious JavaScript code inside the body of the message. The
vulnerability exploited by the worm is Yahoo's system rather than
in software run by the user. As such, it is not comparable to
security vulnerabilities that have been found in the past in web
browsers such as Internet Explorer and Firefox.
"Businesses tend to use their own email systems rather than the
type of free webmail accounts offered by the likes of Yahoo!,
Hotmail and Gmail," said Graham Cluley, senior
technology consultant for Sophos. "The good news is that Yahoo!
appears to have already fixed the problem, meaning that the Yamann
worm can no longer spread via its systems."
A representative for Yahoo! has been quoted in the press
confirming that the vulnerability has been removed from its
systems, and that Yahoo! mail users do not have to take any further
action to avoid infection by the worm.
"We have taken steps to resolve the issue and protect our users
from further attacks of this worm," said Kelley Podboy of Yahoo!.
"The solution has been automatically distributed to all Yahoo! Mail
customers, and requires no additional action on the part of the
user."
Companies are recommended to protect their email with a consolidated solution to thwart the virus, spyware
and spam threats and secure their desktops and servers with
automatically updated anti-virus protection.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.