Alleged Yahoo Worm Author Just Wanted a Job...& More to Come

|

Security is always full of twists and surprises. To borrow from the spirit of Forrest Gump" Security is like a box of handgrenades- you'll never know when you're gonna get a live one."

Much to the chagrin of some Yahoo Mail users. the JS/Yamanner Worm played havoc through a vulnerability in Yahoo Mail service. Now for that bizarro twist- the alleged worm writer was simply looking for a job. He concocted the worm to show off his "elite skills".


From Silicon Valley Sleuth Blog.


Subject: I have written JS/Yamanner@MM Worm

Hello
I have written JS/Yamanner@MM Worm that has been discovered 12 June 2006. I found that in Yahoo! mail and use it to execute scripts ( collecting yahoo addresses from someone mail, sending this email using Ajax technology to them and then redirecting them into a sample site).

Finally I should mention that I don't like to disturb no one. Since I live in iran and taking a Job in good computer companies is very hard (becaue getting Visa is very hard from US) I just want to prove that I have some abilities in web programming . And I like to work with professional team like you if there is any way to do that.

Perhaps they should have named the worm JS/BadManners?

Bottom line is security companies don't hire digital criminals. The actions don't say much for this misguided individual. As Silicon Valley Sleuth notes he simply could of have written a proof of concept instead of steam rolling innocents via e-mail. Security ethics are cemented around integrity. Some of the finest malware fighters I know are truly great people- who care not only about our technological ecosphere but simply want to make it more safe.

On that note stay tuned to this bat channel- PaperGhost has been leading a mad hunt, guns blazing, with the team into the murky depths of- let's say the "Lords of The Underworld". That's your hint. The days get stranger...

I also promise you won't want to hire this guy either...not even to stock your grocery shelves or to mow your lawn.

About this Entry

This page contains a single entry by published on June 13, 2006 11:01 AM.

Botnet Installer Launches Zango.com and BestOffers Network Ads... was the previous entry in this blog.

Data-Theft Worm Targets Google's Orkut is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.