Yahoo email worm can infect without clicking attachments

Marc

From iTWire:
Yahoo email worm can infect without clicking attachments

By Stan Beer
Tuesday, 13 June 2006
Security vendor Symantec has identified a new JavaScript worm that exploits an unpatched vulnerability in Yahoo!'s web-based e-mail program. The worm can infect users' machines merely by opening a rogue email message - users do not even have to open an attachment for their system to get infected.

The worm - JS.Yamanner@m - spreads itself to the user's Yahoo! e-mail contacts when the user opens an e-mail infected by the worm. JS.Yamanner then sends these e-mail addresses to a remote server on the Internet. Only those using contacts with an e-mail address that is @yahoo.com or @yahoogroups.com are impacted by this worm. Users of Yahoo! Mail Beta do not appear to be vulnerable to JS.Yamanner.

The number of users of Yahoo's email has been estimated to be as high as 100 million.

JS.Yamanner exploits a vulnerability that enables scripts embedded in HTML e-mails to be run by the user's browser. These scripts are normally blocked by Yahoo! Mail for security reasons so Symantec has categorised the worm as a relatively low Level 2 threat (on a scale of 1 to 5, with 5 being most severe).

Additionally, if users inadvertently open an infected e-mail, they will also see that their browser window is re-directed to display the Web page associated with the URL: http://www.av3.net/index.htm.

"This worm is a twist on the traditional mass-mailing worms that we have seen in recent years," said Dave Cole, director at Symantec Security Response. "Unlike its predecessors, which would require the user to open an attachment in order to launch and propagate, JS.Yamanner makes use of a previously-unknown security hole in the Yahoo! Web mail program in order to spread to other Yahoo! users and harvests user information for possible future attacks."

Symantec has advised that *** there is no patch at present, users should update antivirus definitions and firewall signatures and block any e-mails sent from av3[at]yahoo.com.