SECURITY
JavaScript worm targets Yahoo
12-06-2006
by The Register
A JavaScript worm that takes advantage of an unpatched vulnerability in Yahoo's webmail service has been discovered on the net.
The JS-Yamanner worm spreads when a Windows user accesses Yahoo Mail to open an e-mail sent by the worm. The attack works because of a vulnerability in Yahoo Mail that enables scripts embedded within HTML e-mails to be run within a user's browser instead of being blocked.
Once executed, the worm forwards itself to an infected user's contacts on Yahoo Mail. It also harvests these addresses and sends them to a remote internet server. Only contacts with an e-mail address of either @yahoo.com or @yahoogroups.com are hit by this behaviour.
Infected e-mails commonly have the subject line "New Graphic Site" and are spoofed so as to appear to come from "av3@yahoo.com". Users who open infected e-mails will be redirected to a webpage at www.av3.net/index.htm.
Symantec Security Response senior manager Kevin Hogan said: "Unlike its predecessors, which would require the user to open an attachment in order to launch and propagate, JS-Yamanner makes use of a security hole in the Yahoo webmail programme in order to spread to other Yahoo users. Yahoo is a popular e-mail tool, and although normally closed to such threats, the exploitation of this vulnerability provides access to a significant number of internet users.
"As there is no patch at present, users are recommended to update virus definitions and firewall signatures and to block any e-mails sent from av3@yahoo.com."
The Register and its contents are copyright 2006 Situation Publishing. Reprinted with permission.

