Yahoo's webmail users victim of new JavaScript worm

By Justin Mann on June 12, 2006, 11:19 AM
Users of Yahoo's webmail service beware, a new worm has been released into the wild that specifically targets people using that particular Yahoo service. The worm, called JS-Yamanner, is based on JavaScript and exploits a vulnerability in JavaScript that allows embedded scripts in mail messages to run unchecked. Once properly infected, the worm goes about its propagation by sending itself to all contacts on a Yahoo mail list, along with collecting a list of email addresses and calling home with a copy of them. It appears that only addresses ending in @yahoo.com or @yahoogroups.com are affected by this, though clearly it has the potential to go much further.

Until Yahoo patches their webmail software to properly check and block for these attacks, an updated virus scanner is as always suggested. Any machine on the Internet should always be kept up to date with security patches available for it.




User Comments: 6

Got something to say? Post a comment
DragonMaster said:
Well, I use Yahoo POP mail with Thunderbird, and am not on a .com so I'm OK.
Canadian said:
I am perfectly happy with my gmail, lol. Speaking of that, anyone need a gmail invite?
DragonMaster said:
Sigh! Now it was sent to a Yahoo group I'm suscribed in.It's not only from av3@yahoogroups.com anymore!
cynsheridan said:
So, any ideas how to get rid of this thing? (for the IT-stupid?)
cathyh said:
[b]Originally posted by Canadian:[/b][quote]I am perfectly happy with my gmail, lol. Speaking of that, anyone need a gmail invite?[/quote]please send me an invitation. i wanna have a gmail account thanks
DragonMaster said:
[quote] So, any ideas how to get rid of this thing? (for the IT-stupid?)[/quote]If you still receive these messages, don't open and delete them. To remove it, clean your browser cache. (In fact, the script only executes itself when you open the "New Graphic Site" message. It's not doing anything else when you don't open it. The bug has been fixed by Yahoo anyways.)
Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.