What's up, what happened, and why not?

JavaScript Exploit Attacks Yahoo Mail Users

JavaScript worm targets Yahoo!
Malware latches onto unpatched flaw
The Register UK

By John Leyden
Published Monday 12th June 2006

A JavaScript worm that takes advantage of an unpatched vulnerability in Yahoo!'s webmail service has been discovered on the net. The JS-Yamanner worm spreads when a Windows user accesses Yahoo! Mail to open an email sent by the worm. The attack works because of a vulnerability in Yahoo! Mail that enables scripts embedded within HTML emails to be run within a user's browser instead of being blocked.

Once executed, the worm forwards itself to an infected users' contacts on Yahoo! Mail. It also harvests these address and sends them to a remote internet server. Only contacts with an email address of either @yahoo.com or @yahoogroups.com are hit by this behaviour.

Infected emails commonly have the subject line "New Graphic Site"

See also:

Yahoo News

PCWorld on Yahoo News

Network World.com

Security Response Symantec.com

2006-06-13 01:48:20 GMT

Comments (8 total)

Author:shantel514

Wow Thanks for the info

2006-06-13 02:03:27 GMT

Author:OldOnliner

Some minor errors in the article quoted are -

(1) It works off the Yahoo mail's web interface. It may or may not contain a payload affecting other mail clients and local PCs. (I don't know for sure, I haven't followed it that closely.)
(2) It affects MAC users who read an infected message on Yahoo Mail's web interface.
(3) It's an embedded JavaScript exploit related to how Yahoo Mail handles the display of HTML formatted messages. It is NOT a virus infecting a person's local machine.

2006-06-13 03:23:16 GMT

Author:zapit333

Hey, thanks for this update, i was reading much about it but never a full explanation. Thanks, have agreat day, zapit333

2006-06-13 12:49:15 GMT

Author:michchick98

How convenient that this virus appeared on the same day Yahoo unveiled the new changes in Yahoo! Groups. Wonder if it's just a really bizarre coincidence?

2006-06-13 23:19:09 GMT

Author:OldOnliner

It was probably created in Google or MSN labs. ;-)

2006-06-13 23:53:22 GMT

Author:sylvie4oldtimes

This is the first I have heard of this, I am going to make a note of ths...I thank you for the info!

2006-06-14 10:19:20 GMT

Author:lil_miss_incognito05

Thanks for the information:)

2006-06-14 10:47:17 GMT

Author:OldOnliner

Further comments/observations on articles appearing based on Yahoo Press Releases:

Let's set things straight...

(1) The virus first appeared on Saturday morning. It grew in intensity until finally being shut off by Yahoo on Monday.

(2) Yahoo never informed any of its users until releasing statements to the press (like this article).

(3) The virus also attacked Yahoo Groups. Yahoo Groups were impacted for 3 days by the overwhleming flow of spew from this JavaScript virus.

(4) There was nothing to distribute to users, it was the way Yahoo Mail pages were coded and the way Yahoo Mail servers handled things that needed fixing.

(5) It wasn't recognized or dealt with until Monday. This is SOP in Yahooville. Problems crop up every weekend and every Monday somebody fixes them. Pattern fact... reason? Only assume that there's never any one home at Yahoo on weekends. Abusers love this scenario.

2006-06-14 12:05:26 GMT

Site Home