This morning when I thought I was opening an email from a client it
turned out to be a worm. I downloaded the attachment thinking it was
safe because it was from a client. Turns out looks like some sort of
worm. They got into my address book i guess.
I can't use my regular yahoo account for anything. Does this mean that
its on my computer too????
Thanks.
info@superioronline.info wrote:
> This morning when I thought I was opening an email from a client it
> turned out to be a worm. I downloaded the attachment thinking it was
> safe because it was from a client. Turns out looks like some sort of
> worm. They got into my address book i guess.
> I can't use my regular yahoo account for anything. Does this mean that
> its on my computer too????
Of course. The question is: Is it running? Did you intentionally execute
or did you do something very stupid to allow automatic execution, like
using the stupid WebMail interface in conjunction with misusing MSIE as
a webbrowser?
I was using webmail with IE 6. When I saw it was not a document from a
client i tried to close and it just went nuts!
I thought webmail was safer than Microsoft Outlook.
Sebastian Gottschalk wrote:
> info@superioronline.info wrote:
> > This morning when I thought I was opening an email from a client it
> > turned out to be a worm. I downloaded the attachment thinking it was
> > safe because it was from a client. Turns out looks like some sort of
> > worm. They got into my address book i guess.
> > I can't use my regular yahoo account for anything. Does this mean that
> > its on my computer too????
>
> Of course. The question is: Is it running? Did you intentionally execute
> or did you do something very stupid to allow automatic execution, like
> using the stupid WebMail interface in conjunction with misusing MSIE as
> a webbrowser?
Post removed (X-No-Archive: yes)
info@superioronline.info wrote:
> I was using webmail with IE 6. When I saw it was not a document from a
> client i tried to close and it just went nuts!
Actually for IE one can reasonably assume that one of its currently more
than 50 unpatched security vulnerabilities has been successfully
exploited. If you're running with restricted rights (let me guess: you
don't?) then your user account must be assumed to be compromised, with
higher privileges your entire system should be treat as compromised.
Well, make a better and more informed choice next time. Now you should
flatten and rebuild your system.
> I thought webmail was safer than Microsoft Outlook.
Webmail with a real webbrowser (read: not misusing MSIE as such one)
might be safer than that. And still POP3/SMTP/IMAP access with a serious
mail client (reads: not Outlook) is way safer, I wouldn't trust on
webmail solutions at all.
BTW, please fix your poor quoting.
On 12 Jun 2006 08:42:47 -0700, info@superioronline.info wrote:
> This morning when I thought I was opening an email from a client it
> turned out to be a worm. I downloaded the attachment thinking it was
> safe because it was from a client. Turns out looks like some sort of
> worm. They got into my address book i guess.
More likely your client has the worm, got which into their address book and
mailed it to everyone in the book. Lucky you.
First thing is to disconnect from the network,
backup any files you want to keep.
print your address book,
format your drive and re-install. Install your firewall, AV
software, connect to the net to get your OS updates, then your AV updates.
Scan your backup files, put them back on the system.
Add your address.
Since the worm got through Yahoo's scanners, I would guess you can
have infected backup files which could pass your backup files as
clean. :(
> I can't use my regular yahoo account for anything.
Sure you can, any email account is dangerous. Safer than some because
yahoo/hotmail servers have Anti-Virus scanners to clean malaware. :)
When their AV software know about it. :(
Now if you mean you cannot login into yahoo, you need to get to
another computer and change passwords, ASP.
You can have a keylogger snarfing login ids and passwords.
> Does this mean that its on my computer too????
You downloaded and executed it. Yes, you are infected.
I would warn everone in your address book that they may have been
infected and to warn the people in their book, and so on and so on.
What you are supposed to do is call anyone sending you attachments to
verify they intended to send it.
If no, delete it. If yes, extract it, scan it with Anti Virus
software, then open it with your fingers crossed.
After clean install of your system, you need to consider changing passwords
everywhere you use one.
Bit Twister
[deleted]
> Since the worm got through Yahoo's scanners, I would guess you can
> have infected backup files which could pass your backup files as
> clean. :(
>
> > I can't use my regular yahoo account for anything.
>
> Sure you can, any email account is dangerous. Safer than some because
> yahoo/hotmail servers have Anti-Virus scanners to clean malaware. :)
> When their AV software know about it. :(
I don't know what kind of Yahoo account the original poster has, but
the free (of charge) Yahoo! Mail account only does *spam* filtering,
not *virus* scanning [1].
[deleted]
[1] At least they don't talk about it and they freely pass (long) known
viruses (Been there, done that, got the popup from *my* AV software.).
Post removed (X-No-Archive: yes)
On 12 Jun 2006 18:03:55 GMT, Frank Slootweg wrote:
>
> I don't know what kind of Yahoo account the original poster has, but
> the free (of charge) Yahoo! Mail account only does *spam* filtering,
> not *virus* scanning [1].
Hmmm, guess I was misled by the following when I tried to download a
file I just sent to my free Yahoo email account.
Virus Scan Results
File name: New_Orleans_fix.jpg
File size: 48kb
File type: image/jpg
Scan result: No virus threat detected.
Scanned with: Norton 2006 AntiVirus
Keep your computer safe from Internet threats at all
times. Visit the Symantec Security Connection to learn how.
On Mon, 12 Jun 2006 20:34:46 +0200, Benoit Leraillez wrote:
> Bit Twister
>
>> print your address book,
>
> Exporting the adress book is much better. Be it in tabulated or vcf
> format.
True, just hope some malware does not infect it. :(
Post removed (X-No-Archive: yes)
this time it wasn't really MSIE's fault, because it also propogates in
Opera
It also has nothing to do with recklessly downloading attachments
Symantec calls it Yamanner
On 12 Jun 2006 18:49:50 -0700, DuboisLaundry wrote:
> this time it wasn't really MSIE's fault, because it also propogates in
> Opera
> It also has nothing to do with recklessly downloading attachments
You did not even have to download a document.
http://isc.sans.org/diary.php?storyid=1398&isc=2d289a8908c5d 29b7b37660a6f555a76
info@superioronline.info wrote:
> This morning when I thought I was opening an email from a client it
> turned out to be a worm. I downloaded the attachment thinking it was
> safe because it was from a client.
Now the Yahoo Mail worm is even in the news. Did it really look legitimate?
Bit Twister
> On 12 Jun 2006 18:03:55 GMT, Frank Slootweg wrote:
> >
> > I don't know what kind of Yahoo account the original poster has, but
> > the free (of charge) Yahoo! Mail account only does *spam* filtering,
> > not *virus* scanning [1].
>
> Hmmm, guess I was misled by the following when I tried to download a
> file I just sent to my free Yahoo email account.
>
> Virus Scan Results
> File name: New_Orleans_fix.jpg
> File size: 48kb
> File type: image/jpg
> Scan result: No virus threat detected.
> Scanned with: Norton 2006 AntiVirus
> Keep your computer safe from Internet threats at all
> times. Visit the Symantec Security Connection to learn how.
Yup, you're right (and hence I was wrong)! I did see nothing about
virus scanning in Yahoo! Mail's menus, Help, etc., but just now, I saw
this on their main Yahoo! Mail page (
Y> AntiVirus that works twice as hard.
Y> Your Yahoo! Mail scans and cleans email attachments to help keep
Y> nasty viruses out of your life.
with a graphic saying "Norton 2006 AntiVirus".
Thanks for setting me straight.
I've been having trouble accessing my yahoo mail. Is this possibly
related to this worm?