
PCPro-Computing in the Real World Printed from www.pcpro.co.uk


Yahoo! says the Yamanner worm is contained

Posted on 14 Jun 2006 at 10:32

A worm that targeted Yahoo! Mail users has now been 'contained', according to the company. Almost 200 million mailboxes were put at risk yesterday with the emergence of a worm dubbed JS.Yamanner@m.

Yahoo! says that it has now issued a patch to all Mail users and no further interaction from customers is necessary. However, as a further precaution, Yahoo! advises its subscribers to keep their anti-virus protection up to date and avoid any messages that come from av3@yahoo.com. The vulnerability does not affect the newest version of Yahoo! Mail, which is currently in beta.

The worm, written in JavaScript, exploits a vulnerability in Yahoo!'s online mail to execute a script and replicate itself. It sends copies of itself to contacts in the user's Yahoo! email address book whose addresses are at yahoo.com or yahoogroups.com. However, unlike other worms, it does not require user interaction such as the opening of an attachment. It can be activated merely by viewing the body of a message that has 'New Graphics Site' in the subject line. The worm redirects the Web browser from Yahoo! Mail to the www.av3.net/index.htm website and transmits a list of email addresses.

The worm abuses a JavaScript function that helps upload images from a message to the mail server. Yahoo! Mail uses AJAX, which is based on JavaScript, to provide interaction between the user and the server. However, the worm exploited a loophole in a JavaScript function that allowed it to include its own code instead of the image-handling code. The exploitation of the JavaScript vulnerability is a stark warning to web developers to close off any loopholes as AJAX-based web pages become more and more common throughout the Internet.

The fallout from the worm did not only affect Yahoo! Mail users. Because Yahoo! has close links with BT Broadband, customers with BTInternet mail addresses found their mailboxes filling up with triplicate copies of files and messages that had already been deleted as the mail servers struggled to cope with the traffic. However, BT Broadband users are not directly threatened by the malware itself.

Author: Steve Malone
