also @ TechSpot: Google launches Top Charts to show what the world is searching for

Yahoo's webmail users victim of new JavaScript worm

By Justin Mann

On June 12, 2006, 11:19 AM

Users of Yahoo's webmail service beware, a new worm has been released into the wild that specifically targets people using that particular Yahoo service. The worm, called JS-Yamanner, is based on JavaScript and exploits a vulnerability in JavaScript that allows embedded scripts in mail messages to run unchecked. Once properly infected, the worm goes about its propagation by sending itself to all contacts on a Yahoo mail list, along with collecting a list of email addresses and calling home with a copy of them. It appears that only addresses ending in @yahoo.com or @yahoogroups.com are affected by this, though clearly it has the potential to go much further.

Until Yahoo patches their webmail software to properly check and block for these attacks, an updated virus scanner is as always suggested. Any machine on the Internet should always be kept up to date with security patches available for it.

No tags on this story

6 comments

User Comments: 6

Got something to say? Post a comment
  1. June 12, 2006 2:39 PM
    DragonMaster said:
    Well, I use Yahoo POP mail with Thunderbird, and am not on a .com so I'm OK.
    Reply
  2. June 12, 2006 5:26 PM
    Canadian said:
    I am perfectly happy with my gmail, lol. Speaking of that, anyone need a gmail invite?
    Reply
  3. June 12, 2006 5:45 PM
    DragonMaster said:
    Sigh! Now it was sent to a Yahoo group I'm suscribed in.It's not only from av3@yahoogroups.com anymore!
    Reply
  4. June 13, 2006 4:48 AM
    cynsheridan said:
    So, any ideas how to get rid of this thing? (for the IT-stupid?)
    Reply
  5. June 13, 2006 1:05 PM
    cathyh said:
    [b]Originally posted by Canadian:[/b][quote]I am perfectly happy with my gmail, lol. Speaking of that, anyone need a gmail invite?[/quote]please send me an invitation. i wanna have a gmail account thanks
    Reply
  6. June 13, 2006 2:18 PM
    DragonMaster said:
    [quote] So, any ideas how to get rid of this thing? (for the IT-stupid?)[/quote]If you still receive these messages, don't open and delete them. To remove it, clean your browser cache. (In fact, the script only executes itself when you open the "New Graphic Site" message. It's not doing anything else when you don't open it. The bug has been fixed by Yahoo anyways.)
    Reply

Recently commented stories

Post a new comment

Social Login & Guest Posting TechSpot Members
Login here or sign up for free,
it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.
TechSpot on:

Most Popular

Trending Featured
More Trending Topics

Featured on Keyboards

Downloads and Drivers

Downloads   Drivers  

WinISO 6.3.0.4891

Earth Alerts 2013.1.84

Wise Care 365 2.4.6

SafeIP 2.0.0.1019

AVG Antivirus Uninstall Utility 2013.3341

More Downloads

Latest Discussion

Does anyone have experience with iolo System Mechanic? Words of advice? 12 replies on Software Apps

Need help with upgrading 11 replies on Processors and Motherboards

Monitor - No display when i put my HD6670 into motherboard 5 replies on Audio and Video

How did my Windows key become disabled? 15 replies on Other Hardware

Screen saver stop working after installing Norton 12 replies on Software Apps

More Recent Discussion

Subscribe to TechSpot

Get free exclusive content, learn about new features and breaking tech news.