Thanks to member siddhs for the heads up on this.
Monday Symantec released an advisory concerning a vulnerability in Yahoo Mail that is currently being exploited by JS.Yamanner@m, a new worm that is written in JavaScript. It exploits a vulnerability in the Yahoo email service to send a copy of itself to the user's Yahoo email contacts. At the time the advisory was issued there was no patch for the vulnerability, but by the end of the day Monday Yahoo said that it had a fix for the flaw and that very few of its customers had been affected. This vulnerability only exists in Yahoo Mail and does not affect users of the latest version of Yahoo Mail Beta.
View: Symantec Advisory
News source: ZDNet Asia
Monday Symantec released an advisory concerning a vulnerability in Yahoo Mail that is currently being exploited by JS.Yamanner@m, a new worm that is written in JavaScript. It exploits a vulnerability in the Yahoo email service to send a copy of itself to the user's Yahoo email contacts. At the time the advisory was issued there was no patch for the vulnerability, but by the end of the day Monday Yahoo said that it had a fix for the flaw and that very few of its customers had been affected. This vulnerability only exists in Yahoo Mail and does not affect users of the latest version of Yahoo Mail Beta.
View: Symantec Advisory News source: ZDNet Asia
"The worm is taking a pretty novel approach," said Dean Turner, senior manager of Symantec Security Response. "It takes advantage of a JavaScript vulnerability, so the user doesn't even have to click on an attachment to get infected."
Anyway, it was to be expected that the javascript vulnerability would be exploited, I'm just glad they didn't use it on Windows Live Mail or Gmail, I'd be pretty ****ed
Here is a screenshoot:
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.