Author Topic: Yahoo mail worm author merely job hunting (Read 202 times)

Wolfala · « **on:** June 14, 2006, 04:27:10 PM »

Yahoo mail worm author merely job hunting

A person claiming to be the author of Monday's Yamanner worm that targeted an unpatched vulnerability in Yahoo's mail application has contacted several security vendors, asking them for a job.

The security industry collectively told him to get lost.

In addition to the rule that you don't negotiate with terrorists, the author doesn't provide any proof that he crafted the worm. If he was merely out to show off his programming skills, he could have written a proof of concept worm and inform the proper authorities.

By setting his creation loose, he effectively ran over a child with his car to demonstrate a design flaw, and only then contacted the manufacturer about the issue.

-------------

Subject: I have written JS/Yamanner@MM Worm

Hello
I have written JS/Yamanner@MM Worm that has been discovered 12 June 2006. I found that in Yahoo! mail and use it to execute scripts ( collecting yahoo addresses from someone mail, sending this email using Ajax technology to them and then redirecting them into a sample site).
…
Finally I should mention that I don’t like to disturb no one. Since I live in iran and taking a Job in good computer companies is very hard (becaue getting Visa is very hard from US) I just want to prove that I have some abilities in web programming . And I like to work with professional team like you if there is any way to do that.

----------

I have two problems with this. The first problem I have with this is obvious, some idiot thinking he could get a job this way. The second, not so obvious, is why none of these companies lured the guy in to have him arrested. Duh! How stupid (on both accounts) can you get?

Ouaibe · « **Reply #1 on:** June 14, 2006, 04:59:48 PM »

You really think Iran would arrest a guy because the USA would tell them to do so?

Tssss...

Neubob · « **Reply #2 on:** June 14, 2006, 05:08:00 PM »

Quote

Originally posted by Ouaibe
You really think Iran would arrest a guy because the USA would tell them to do so?

Tssss...

Probably not. They'd most likely be too busy arresting helpless, law-abiding civilians.

Maverick · « **Reply #3 on:** June 14, 2006, 05:08:36 PM »

I think he should be granted a job interview in iran. He should stand at a particular spot and the interviewer, Mr. Hellfire will be with him shortly.

Meatwad · « **Reply #4 on:** June 14, 2006, 06:32:16 PM »

Quote

Originally posted by Maverick
I think he should be granted a job interview in iran. He should stand at a particular spot and the interviewer, Mr. Hellfire will be with him shortly.

AWMac · « **Reply #5 on:** June 14, 2006, 06:38:27 PM »

There's another one out there called "A New Graphic Site"

This will email porn to everyone on you email addy list. So if you recieve from any of your friends and the subj line mentions the above delete it.

and then email him back if it was intended to be sent to you... I was lucky, slow in answering emails and had seen replies in groups mentioning this one. It's been running now a week.

Wear Rubbers!!!

Mac