also @ TechSpot: Is Apple's USB wall adapter really worth $29?

Yahoo's webmail users victim of new JavaScript worm

By

On June 12, 2006, 11:19 AM EST

Users of Yahoo's webmail service beware, a new worm has been released into the wild that specifically targets people using that particular Yahoo service. The worm, called JS-Yamanner, is based on JavaScript and exploits a vulnerability in JavaScript that allows embedded scripts in mail messages to run unchecked. Once properly infected, the worm goes about its propagation by sending itself to all contacts on a Yahoo mail list, along with collecting a list of email addresses and calling home with a copy of them. It appears that only addresses ending in @yahoo.com or @yahoogroups.com are affected by this, though clearly it has the potential to go much further.

Until Yahoo patches their webmail software to properly check and block for these attacks, an updated virus scanner is as always suggested. Any machine on the Internet should always be kept up to date with security patches available for it.

No tags on this story

6 comments

User Comments (6)

Post a comment
DragonMaster
on June 12, 2006
2:39 PM 		Well, I use Yahoo POP mail with Thunderbird, and am not on a .com so I'm OK.

Reply

Canadian
on June 12, 2006
5:26 PM 		I am perfectly happy with my gmail, lol. Speaking of that, anyone need a gmail invite?

Reply

DragonMaster
on June 12, 2006
5:45 PM 		Sigh! Now it was sent to a Yahoo group I'm suscribed in.It's not only from av3@yahoogroups.com anymore!

Reply

cynsheridan
on June 13, 2006
4:48 AM 		So, any ideas how to get rid of this thing? (for the IT-stupid?)

Reply

cathyh
on June 13, 2006
1:05 PM 		[b]Originally posted by Canadian:[/b][quote]I am perfectly happy with my gmail, lol. Speaking of that, anyone need a gmail invite?[/quote]please send me an invitation. i wanna have a gmail account thanks

Reply

DragonMaster
on June 13, 2006
2:18 PM 		[quote] So, any ideas how to get rid of this thing? (for the IT-stupid?)[/quote]If you still receive these messages, don't open and delete them. To remove it, clean your browser cache. (In fact, the script only executes itself when you open the "New Graphic Site" message. It's not doing anything else when you don't open it. The bug has been fixed by Yahoo anyways.)

Reply

Browse more commented news

Post a new comment

Guest user

To post as an anonymous
user click here.

Members

If you are a TechSpot member,
please login first.


By signing up you gain complete access to the TechSpot community. Join thousands of computer and technology enthusiasts that contribute and share knowledge in our forum. Post messages, get a private inbox, upload your own photo gallery and more.

Most Popular

Trending Featured
More Trending Topics

Editors' Storage Picks

Downloads & Drivers

Downloads   Drivers  

GMABooster 2.1a

HaoZip 2.8

Defraggler 2.10.413

The Cleaner 2012 8.1.0.1110

WinISO 6.2.0.4526

More Downloads

Related Discussion

Compaq Presario CQ61 screen LCD cable change but not working

Laptop screen messed up

Reclaim D partition?

Are these computer parts compatible

RAID drives into new system?

More at the Forums

Subscribe to TechSpot

Get free exclusive content, learn about new features and tech breaking news.