Yahoo's webmail users victim of new JavaScript worm

By Justin Mann on June 12, 2006, 11:19 AM
Users of Yahoo's webmail service beware, a new worm has been released into the wild that specifically targets people using that particular Yahoo service. The worm, called JS-Yamanner, is based on JavaScript and exploits a vulnerability in JavaScript that allows embedded scripts in mail messages to run unchecked. Once properly infected, the worm goes about its propagation by sending itself to all contacts on a Yahoo mail list, along with collecting a list of email addresses and calling home with a copy of them. It appears that only addresses ending in @yahoo.com or @yahoogroups.com are affected by this, though clearly it has the potential to go much further.

Until Yahoo patches their webmail software to properly check and block for these attacks, an updated virus scanner is as always suggested. Any machine on the Internet should always be kept up to date with security patches available for it.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.