Printed from www.pcpro.co.uk
Yahoo! says the Yamanner worm is contained
Posted on 14 Jun 2006 at 10:32
A worm that targeted Yahoo! Mail users has now been 'contained' according to the company. Almost 200 million mailboxes were put at risk yesterday with the emergence of a worm dubbed JS.Yamanner@m.
Yahoo! says that it has now issued a patch to all Mail users and no further interaction from customers is necessary. However, as a further precaution, Yahoo advises its subscribers to keep their anti-virus protection up to date and avoid any messages that come from av3@yahoo.com. The vulnerability does not affect the newest version of Yahoo! Mail that is currently in beta.
The worm, written in JavaScript, exploits a vulnerability in Yahoo!'s online mail to execute a script and replicate itself. It sends copies of itself to the user's Yahoo! email address book, to contacts at yahoo.com or yahoogroups.com. However, unlike other worms, it does not require user interaction such as the opening of an attachment. It can be activated by merely by viewing the body of the message that has the heading 'New Graphics Site' in the subject line. The worm redirects the Web browser from Yahoo! Mail to the www.av3.net/index.htm website and transmits a list of email addresses.
The worm uses a JavaScript function used to help upload images from a message to the mail server. Yahoo! Mail uses AJAX - which is based on JavaScript - to provide interaction between the user and the server. However, the worm exploited a loophole in a JavaScript function that allowed it to include its own code instead of the image handling code. The exploitation of the JavaScript vulnerability is a stark warning to web developers to close off any loopholes as AJAX based web pages become more and more common throughout the Internet.
The fallout from the worm not only affected Yahoo! Mail users. Because Yahoo! has close links with BT Broadband, customers with BTInternet mail addresses found their mailboxes filling up with triplicate copies of files and messages that had already been deleted as the mail servers struggled to cope with the traffic. However, BT Broadband users are not directly threatened by the malware itself.
Author: Steve Malone
advertisement
- Need a bit of extra Christmas cash? Grass up your boss, says BSA
- Photoshop Mobile on Android review: first look
- ATI Radeon HD 5970: 42% more expensive in the UK
- Office 2010 Beta – 32-bit or 64-bit – The Choice is Clear
- Why Britain's watchdogs have fewer teeth than goldfish
- Tabbed documents: how to make Office 2010 great
- Outlook 2010 People Pane – does it spell death to Xobni
- Microsoft Outlook 2010 screenshots
- Co-Authoring in Word 2010 and SharePoint Foundation 2010
- Microsoft Outlook 2010 screenshots: Backstage view
- Avira Premium Security Suite 9
- ZoneAlarm Internet Security Suite
- Webroot Internet Security Essentials
- Trend Micro Internet Security
- PC Tools Internet Security 2009
- Panda Internet Security 2009
- Norton Internet Security 2009
- Kaspersky Internet Security 2009
- F-Secure Internet Security 2009
- Eset Smart Security
- BitDefender Total Security 2009
advertisement
