A new worm targeting Yahoo's popular email service is quietly spreading across the Internet, exploiting vulnerabilities in JavaScript.
Source: BBC
The worm, named Yamanner, attacks all versions of Yahoo! Mail except for the latest beta version, security firm Symantec warns. At the time of Symantec’s alert, the JavaScript vulnerability had not been patched, but by the end of the day yesterday, Yahoo announced that it had completed a fix.
According to Yahoo, the patch will be automatically distributed to all existing Mail accounts in Yahoo Mail and will close the vulnerability without any action or intervention from users. Yahoo also stated that the number of Yahoo Mail users affected by the incident is “very few.”
Yamanner “knocks on the door” of users’ Yahoo mailboxes with the subject line “New Graphic Site.” Once the email is opened, the computer becomes infected with the worm, and Yamanner can quickly spread to all the names in the user’s contact list.
These email addresses are also sent back to a remote server. Symantec suspects that the creator of Yamanner will use this information for future spam campaigns.
“Yamanner has a completely new approach to users. It exploits flaws in JavaScript, so users can become infected without even clicking on an attachment,” said Dean Turner, an expert from Symantec.
According to Turner, although it only appeared yesterday afternoon, Yamanner has already communicated with the remote server over 100,000 times, carrying information that it “harvested.”
It is still too early to predict whether this worm will evolve into other forms or attack other browser-based email services like Gmail.
The systems affected by the Yamanner worm include Windows 2000, Windows 95, Windows Me, Windows NT, Windows Server 2003, and Windows XP.
Thien Y