Warning!!! JS/Yamanner - New Graphic Site

Discussion in 'NOD32 version 2 Forum' started by pykko, Jun 13, 2006.

Thread Status:
Not open for further replies.
  1. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Hello!
    I've read about this worm: JS/Yamanner recently and it's currently spreading here in Romania. :(

    I've seen in version 1.1595 that NOD32 added JS/Yamaihoo.A. Is this the same one?

    Here's a description of the worm: http://www.avira.com/en/threats/section/fulldetails/id_vir/2128/js_yamanner.html

    It comes in an e-mail from %collected email addresses%@yahoo.com
    %collected email addresses%@yahoogroups.com

    with the following subject: New Graphic Site

    One of my friends actually received it and clicked on it and the e-mail was sent to almost everyone in his address book. He uses NOD32 but he saw no warning. :doubt:
     
  2. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    I think NOD32 detects it as JS/Yamaihoo.A
     
  3. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    yes, as I've stated. :D
     
  4. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    I've received the mail myself now. :(

    I don't know what to say? Is it detected or not? Can I forward the mail to ESET...but for this I should open it. :D
    Hope an ESET Mod will answer to this thread....
     
  5. ASpace

    ASpace Guest


    If detection was added (obviously it was) then NOD32 should detect it even if it is a new variant. Let's not forget about the advanced heuristics.

    However, I suggest you not take the risk if this is on a productive machine. ESET would be grateful to receive a sample, in my opinion :)
     
  6. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    well, I'm a risky boy so I've opened the e-mail because it was sent to me at request. :D One of my friends opened it and NOD32 did not prompt. So he forwarded the e-mail to me and I've opened it.
    Besides, I've read that Yahoo made an update to protect its users against this threat. ;)
    Not even Avira said a word about it. And Avira has the definition as you may notice from my first post. :)
     
  7. ASpace

    ASpace Guest

    So does NOD now detect it on your computer, latest version and updates?! :blink:
     
  8. ASpace

    ASpace Guest

  9. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    NOD32 and Avira found nothing while opening that e-mail, not even after scanning my computer. ;)
    Perhaps it's malign only. :)
     
  10. ASpace

    ASpace Guest


    Send the files to ESET, either by the quarantine or to samples@eset.com

    Maybe this is a new variant or something like that :)
     
  11. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    I could only send them the mail. o_O
     
  12. i_kenefick

    i_kenefick Registered Member

    Joined:
    Nov 29, 2005
    Posts:
    135
    Location:
    Cork, Ireland.
    This is enough. They already should have a sample through the sample sharing network between AV companies.
     
  13. ASpace

    ASpace Guest



    It is really strange, by the way, that this isn't detected o_O
     
  14. i_kenefick

    i_kenefick Registered Member

    Joined:
    Nov 29, 2005
    Posts:
    135
    Location:
    Cork, Ireland.
    Hmm - It's not widely spread. It's in the news because it's a zero-day exploit. By default users are directed to the new beta version of Yahoo Mail which is not vulnerable. I think the amount of infections is very small. How do you know ESET doesn't already detect this?
     
  15. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    well, we shall see when Marcos is here. ;)
     
  16. ASpace

    ASpace Guest

    This is in their database 1.1595, I guess
     
  17. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Added a new variant in 1.1598 also. ;)
    I've found the e-mail didn't contain all the executable code for the malware so it was no danger. :)
     
  18. ASpace

    ASpace Guest

    Just wanted to add this and I saw your post, pykko. Oh, no problem, here is the proof: :D :D :D

    [MOVE]NOD32[/MOVE]
     

    Attached Files:
