main

New Worm Takes Advantage of Yahoo Mail Flaw

Shane Pitman   on 13 June 2006 - 16:42 · 3 comments & 3500 views

Advertisement (Why?)
Thanks to member siddhs for the heads up on this.
Monday Symantec released an advisory concerning a vulnerability in Yahoo Mail that is currently being exploited by JS.Yamanner@m, a new worm that is written in JavaScript. It exploits a vulnerability in the Yahoo email service to send a copy of itself to the user's Yahoo email contacts. At the time the advisory was issued there was no patch for the vulnerability, but by the end of the day Monday Yahoo said that it had a fix for the flaw and that very few of its customers had been affected. This vulnerability only exists in Yahoo Mail and does not affect users of the latest version of Yahoo Mail Beta.

View: Symantec Advisory

News source: ZDNet Asia




Post a comment · Send to friend Comments · There are 3 additional comments
#1 Mr_Mo on 13 Jun 2006 - 17:27
Tsk, tsk:
"The worm is taking a pretty novel approach," said Dean Turner, senior manager of Symantec Security Response. "It takes advantage of a JavaScript vulnerability, so the user doesn't even have to click on an attachment to get infected."
(1 reply) #2 xorian on 13 Jun 2006 - 17:33
Typos detected: "and" => "an", "avulnerability" => "a vulnerability", "tothe" => "to the"! ( I got exam English in a few days )

Anyway, it was to be expected that the javascript vulnerability would be exploited, I'm just glad they didn't use it on Windows Live Mail or Gmail, I'd be pretty ****ed
#2.1 TheGriffin on 13 Jun 2006 - 18:03
Yeah that's because WLM and GMail use AJAX. The new Yahoo! Mail BETA uses AJAX.

Here is a screenshoot:

Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!

Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.

Advertisement (Why?)