JavaScript Worm Targets Yahoo Mail Users
Yahoo Mail users should not open any e-mails sent from av3@yahoo.com, according to Symantec, because simply viewing the e-mail will unleash a JavaScript worm that exploits an unpatched security hole in Yahoo's current mail software.
The JS-Yamanner worm spreads when a Windows user accesses Yahoo! Mail to open an email sent by the worm. The attack works because of a vulnerability in Yahoo! Mail that enables scripts embedded within HTML emails to be run within a users browser instead of being blocked.
Once executed, the worm forwards itself to an infected users' contacts on Yahoo! Mail. It also harvests these address and sends them to a remote internet server. Only contacts with an email address of either @yahoo.com or @yahoogroups.com are hit by this behaviour.
Infected emails commonly have the subject line "New Graphic Site" and are spoofed so as to appear from "av3@yahoo.com". Users who open infected emails will be redirected to a webpage at www.av3.net/index.htm.
It is important to note that, unlike previous worms which required the user to open an attachment, this worm exploits an unpatched security hole as soon as the e-mail is viewed.
Yahoo should move quickly to patch this hole, but until it is closed, Yahoo Mail users should block the address av3@yahoo.com.
Comments
zoton
Kuwait
November 2005
JUN 12, 2006 09:44 AM
nevabelle
HOPEFUL
I'm lost
JUN 13, 2006 06:21 PM