Warning!!! JS/Yamanner - New Graphic Site

Discussion in 'NOD32 version 2 Forum' started by pykko, Jun 13, 2006.

Thread Status:
Not open for further replies.
  1. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Hello!
    I've read about this worm: JS/Yamanner recently and it's currently spreading here in Romania. :(

    I've seen in version 1.1595 that NOD32 added JS/Yamaihoo.A. Is this the same one?

    Here's a description of the worm: http://www.avira.com/en/threats/section/fulldetails/id_vir/2128/js_yamanner.html

    It comes in an e-mail from %collected email addresses%@yahoo.com
    %collected email addresses%@yahoogroups.com

    with the following subject: New Graphic Site

    One of my friends actually received it and clicked on it and the e-mail was sent to almost everyone in his address book. He uses NOD32 but he saw no warning. :doubt:
     
  2. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    I think NOD32 detects it as JS/Yamaihoo.A
     
  3. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    yes, as I've stated. :D
     
  4. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    I've received the mail myself now. :(

    I don't know what to say? Is it detected or not? Can I forward the mail to ESET...but for this I should open it. :D
    Hope an ESET Mod will answer to this thread....
     
  5. ASpace

    ASpace Guest


    If detection was added (obviously it was) then NOD32 should detect it even if it is a new variant. Let's not forget about the advanced heuristics.

    However I suggest you not to take the risk if this is on a productive machine. ESET would be grateful to receive a sample, in my opinion :)
     
  6. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    well, I'm a risky boy so I've opened the e-mail because it was sent to me at request. :D One of my friends opened it and NOD32 did not prompt. So he forwarded the e-mail to me and I've opened it.
    Besides I've read that yahoo made an update to protect its users against this threat. ;)
    Not even Avira said a word about it. And Avira has the definition as you may notice from my first post. :)
     
  7. ASpace

    ASpace Guest

    So does now NOD detect it on your computer, latest version and updates?! :blink:
     
  8. ASpace

    ASpace Guest

  9. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    NOD32 and Avira found nothing while opening that e-mail, not even after scanning my computer. ;)
    Perhaps it's malign only. :)
     
  10. ASpace

    ASpace Guest


    Send the files to ESET, either by the quarantine or to samples@eset.com

    Maybe this is a new variant or something like that :)
     
  11. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    I could only send them the mail. o_O
     
  12. i_kenefick

    i_kenefick Registered Member

    Joined:
    Nov 29, 2005
    Posts:
    135
    Location:
    Cork, Ireland.
    This is enough. They already should have a sample through the sample sharing network between AV companies.
     
  13. ASpace

    ASpace Guest



    It is really strange, by the way, that this isn't detected o_O
     
  14. i_kenefick

    i_kenefick Registered Member

    Joined:
    Nov 29, 2005
    Posts:
    135
    Location:
    Cork, Ireland.
    Hmm - It's not widely spread. It's in the news because it's a zero day exploit. By default users are directed to the new beta version of Yahoo Mail which is not vulnerable. I think the amount of infections is very small. How do you know ESET don't already detect this?
     
  15. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    well, we shall see when Marcos is here. ;)
     
  16. ASpace

    ASpace Guest

    This is in their database 1.1595, I guess
     
  17. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Added a new variant in 1.1598 also. ;)
    I've found the e-mail didn't contain all the executable code for the malware so it was no danger. :)
     
  18. ASpace

    ASpace Guest

    Just wanted to add this and I saw your post, pykko. Oh, no problem, here is the proof: :D :D :D

    [MOVE]NOD32[/MOVE]
     
