JavaScript worm targets Yahoo!

"A JavaScript worm that takes advantage of an unpatched vulnerability in Yahoo!'s webmail service has been discovered on the net.

The JS-Yamanner worm spreads when a Windows user accesses Yahoo! Mail to open an email sent by the worm. The attack works because of a vulnerability in Yahoo! Mail that enables scripts embedded within HTML emails to be run within a user’s browser instead of being blocked.

Once executed, the worm forwards itself to an infected user's contacts on Yahoo! Mail. It also harvests these addresses and sends them to a remote internet server. Only contacts with an email address of either @yahoo.com or @yahoogroups.com are hit by this behaviour." - John Leyden

UPDATES:
* From SANS:
"It was first reported to the ISC at 12:32 UTC and now appears to be circulating in two slightly different variants."
* From SANS:
"Yahoo! is aware of the issue and is working on a fix, in their words 'Yahoo! Mail is blocking most of these messages, and is working on a fix.'"

UPDATE: SANS Link: http://isc.dshield.org/diary.php?storyid=1398
UPDATE: JavaScript/Ajax Worm http://isc.dshield.org/diary.php?storyid=1399
ZDNet Article Link: http://www.zdnetasia.com/news/security/0,39044215,39367249,00.htm
Article Link: http://www.theregister.co.uk/2006/06/12/javscript_worm_targets_yahoo/
