RE: Email Worm

[Guest guest]

, world's most popular e-mail, hit by worm

Tue Jun 13, 1:50 AM ET

Inc. (Nasdaq:YHOO - news), the world's largest provider of e-mail

services, said on Monday that a software virus aimed at Mail users had

infected " a very small fraction " of its base of more than 200 million accounts.

The e-mail virus, or worm, has been dubbed Yamanner and landed in

mailboxes bearing the headline " New Graphic Site. " Once opened, the message

infects the computer and spreads to other users listed in users' e-mail

address books, security experts said.

The e-mail containing the virus need only be opened -- in contrast to most

worms that are hidden in attachments and require users to take an additional

step -- to release the virus, according to computer security site Symantec

Corp..

The Sunnyvale, California-based company advised users to update virus and

firewall software on their computers and to block any e-mail sent from the

address " av3@.... "

" We have taken steps to resolve the issue and protect our users from further

attacks of this worm, " spokeswoman Kelley Podboy said in a statement.

" When we learn of e-mail abuse, such as a worm or other online threat, we

take appropriate action, " she said. " (A) solution has been automatically

distributed to all Mail customers, and requires no additional action on

the

part of the user. "

Yamanner, first detected by and major computer anti-virus software

makers earlier on Monday, was ranked as having a low threat level by Trend

Micro

Inc. and McAfee Inc.

But Symantec considers the worm an " elevated threat, " one step up from the

lowest ranking in terms of relative danger.

Symantec's Security Response site suggested Mail users might protect

themselves by upgrading to the latest test version of the recently upgraded

Mail software.

" The worm cannot run on the newest version of Mail Beta, " Symantec's

site said.

A spokesman was not immediately available to comment on whether the

company advised users to do this.

The worm exploits a vulnerability in Javascript technology used to make the

mail program easier to use by triggering embedded HTML scripts to run in the

computer user's browser.

The e-mail addresses are also sent to a remote online computer server, which

may be used to run spam campaigns, experts said. The technical name of the

worm goes by variants of " JS.Yamanner. "

Copyright © 2006 Reuters Limited. All rights reserved. Republication or

redistribution of Reuters content is expressly prohibited without the prior

written consent of Reuters. Reuters shall not be liable for any errors or

delays

in the content, or for any actions taken in reliance thereon.

Copyright © 2006 All rights reserved.

_Questions or Comments_

(http://us.ard./SIG=12en2bjjl/M=224039.1983420.3465435.1919853/D=news/S\

=7666528:FOOT/_ylt=Ah.fKiumBe1AruIzLLAl2zNg.3QA/Y=YA

HOO/EXP=1150272624/A=1030392/R=1/SIG=1124ddvo1/*http://help./help/new

s/)

_Privacy Policy_

(http://us.ard./SIG=12en2bjjl/M=224039.1983420.3465435.1919853/D=news/S\

=7666528:FOOT/_ylt=Ah.fKiumBe1AruIzLLAl2zNg.3QA/Y=/EXP

=1150272624/A=1030392/R=2/SIG=11a1ak88p/*/n

ews) -_Terms of Service_

(http://us.ard./SIG=12en2bjjl/M=224039.1983420.3465435.1919853/D=news/S\

=7666528:FOOT/_ylt=Ah.fKiumBe1AruIzLLAl2zNg.3QA/Y=

/EXP=1150272624/A=1030392/R=3/SIG=1136qnvkg/*http://docs./info/t

erms/) - _Copyright/IP Policy_

(http://us.ard./SIG=12en2bjjl/M=224039.1983420.3465435.1919853/D=news/S\

=7666528:FOOT/_ylt=Ah.fKiumBe1AruIzLLAl2zNg.

3QA/Y=/EXP=1150272624/A=1030392/R=4/SIG=11lp7krrc/*http://docs./

info/copyright/copyright.html) - _Ad Feedback_ (javascript:ADFlaunch())