Warning!!! JS/Yamanner - New Graphic Site


pykko
June 13th, 2006, 12:09 PM
Hello!
I've read about this worm, JS/Yamanner, recently and it's currently spreading here in Romania. :(

I've seen in version 1.1595 that NOD32 added JS/Yamaihoo.A. Is this the same one?

Here's a description of the worm: http://www.avira.com/en/threats/section/fulldetails/id_vir/2128/js_yamanner.html

It comes in an e-mail from %collected email addresses%@yahoo.com
%collected email addresses%@yahoogroups.com

with the following subject: New Graphic Site

One of my friends actually received it and clicked on it and the e-mail was sent to almost everyone in his address book. He uses NOD32 but he saw no warning. :-\

proactivelover
June 13th, 2006, 12:20 PM
I think NOD32 detects it as JS/Yamaihoo.A

pykko
June 13th, 2006, 12:52 PM
yes, as I've stated. ;D

pykko
June 13th, 2006, 03:54 PM
I've received the mail myself now. :(

I don't know what to say? Is it detected or not? Can I forward the mail to ESET... but for this I should open it. ;D
Hope an ESET Mod will answer to this thread....

ASpace
June 13th, 2006, 04:26 PM
{QUOTE-> I've received the mail myself now. :(

I don't know what to say? Is it detected or not? Can I forward the mail to ESET... but for this I should open it. ;D
Hope an ESET Mod will answer to this thread.... <-QUOTE}


If detection was added (obviously it was) then NOD32 should detect it even if it is a new variant. Let's not forget about the advanced heuristics.

However, I suggest you not take the risk if this is on a production machine. ESET would be grateful to receive a sample, in my opinion :)

pykko
June 13th, 2006, 04:38 PM
well, I'm a risky boy so I've opened the e-mail because it was sent to me at request. ;D One of my friends opened it and NOD32 did not prompt. So he forwarded the e-mail to me and I've opened it.
Besides, I've read that Yahoo made an update to protect its users against this threat. ;)
Not even Avira said a word about it. And Avira has the definition as you may notice from my first post. :)

ASpace
June 13th, 2006, 04:40 PM
{QUOTE-> well, I'm a risky boy so I've opened the e-mail because it was sent to me at request. ;D One of my friends opened it and NOD32 did not prompt. So he forwarded the e-mail to me and I've opened it.
Besides, I've read that Yahoo made an update to protect its users against this threat. ;)
Not even Avira said a word about it. And Avira has the definition as you may notice from my first post. :) <-QUOTE}

So does NOD detect it now on your computer, latest version and updates?! :blink:

ASpace
June 13th, 2006, 04:42 PM
You can test your NOD32 using this:
http://www.eset.com/eicar.com


;D

pykko
June 13th, 2006, 04:46 PM
NOD32 and Avira found nothing while opening that e-mail, not even after scanning my computer. ;)
Perhaps it's malign only. :)

ASpace
June 13th, 2006, 04:49 PM
{QUOTE-> NOD32 and Avira found nothing while opening that e-mail, not even after scanning my computer. ;)
Perhaps it's malign only. :) <-QUOTE}


Send the files to ESET, either via the quarantine or to samples@eset.com

Maybe this is a new variant or something like that :)

pykko
June 13th, 2006, 04:54 PM
I could only send them the mail. ???

i_kenefick
June 13th, 2006, 05:11 PM
{QUOTE-> I could only send them the mail. ??? <-QUOTE}

This is enough. They already should have a sample through the sample-sharing network between AV companies.

ASpace
June 13th, 2006, 05:13 PM
{QUOTE-> This is enough. They already should have a sample through the sample-sharing network between AV companies. <-QUOTE}



It is really strange, by the way, that this isn't detected ???

i_kenefick
June 13th, 2006, 06:23 PM
{QUOTE-> It is really strange, by the way, that this isn't detected ??? <-QUOTE}

Hmm - It's not widely spread. It's in the news because it's a zero-day exploit. By default users are directed to the new beta version of Yahoo Mail, which is not vulnerable. I think the number of infections is very small. How do you know ESET don't already detect this?

pykko
June 14th, 2006, 03:56 AM
well, we shall see when Marcos is here. ;)

ASpace
June 14th, 2006, 09:33 AM
{QUOTE-> Hmm - It's not widely spread. It's in the news because it's a zero-day exploit. By default users are directed to the new beta version of Yahoo Mail, which is not vulnerable. I think the number of infections is very small. How do you know ESET don't already detect this? <-QUOTE}

This is in their database 1.1595, I guess.

pykko
June 14th, 2006, 09:47 AM
Added a new variant in 1.1598 also. ;)
I've found the e-mail didn't contain all the executable code for the malware so it was no danger. :)

ASpace
June 14th, 2006, 10:25 AM
Just wanted to add this and I saw your post, pykko. Oh, no problem, here is the proof: ;D ;D ;D

NOD32