Email harvester automatically executes when a user opens the message
vnunet.com, 13 Jun 2006
Yahoo has repaired a vulnerability in its Yahoo Mail service that allowed a worm to harvest email addresses from user accounts and further spread itself.
The JS/Yamanner worm automatically executes when a user opens the message in the Yahoo Mail service.
JS/Yamanner uses JavaScript to exploit a flaw that was unpatched until today. Yahoo fixed the vulnerability late on Monday.
"We have taken steps to resolve the issue and protect our users from further attacks by this worm. The solution has been automatically distributed to all Yahoo Mail customers, and requires no additional action on the part of the user, " said Yahoo spokeswoman Kelley Podboy in a statement.
JS/Yamanner was sent to addresses in the yahoo.com and yahoogroups.com domains. It appears to be sent from av3@yahoo.com and has 'New Graphic Site' as its subject.
The worm was probably attempting to harvest email addresses for spam purposes.
This week we cover the continuing controversy surrounding the Orange T-Mobile deal
Using managed services to protect mobile data users from the latest security threats
Counting the cost of data security: the benefits of secured mobile services
Shifting Disaster Recovery targets with SharePoint and SQL server configurations
Using a hostbased recovery system for mission-critical systems
Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you over 6,000 white papers, case studies and analyst reports.
Replacement warning functioning normally, claims software giant
Annual initiative warns of phishing, ID theft and social network...
Do you agree?
Have your say on this article