[WEB SECURITY] JavaScript worm targets Yahoo!

bugtraq at cgisecurity.net bugtraq at cgisecurity.net
Mon Jun 12 13:04:15 EDT 2006


I found this on theregister.

"A JavaScript worm that takes advantage of an unpatched vulnerability in Yahoo!'s webmail 
service has been discovered on the net.

The JS-Yamanner worm spreads when a Windows user accesses Yahoo! Mail to open an email sent 
by the worm. The attack works because of a vulnerability in Yahoo! Mail that enables scripts 
embedded within HTML emails to be run within a user’s browser instead of being blocked.

"Once executed, the worm forwards itself to an infected users' contacts on Yahoo! Mail. It 
also harvests these address and sends them to a remote internet server. Only contacts with 
an email address of either @yahoo.com or @yahoogroups.com are hit by this behaviour."

http://www.theregister.co.uk/2006/06/12/javscript_worm_targets_yahoo/


- admin_ at _@_ at _@_ at _@_cgisecurity.com
http://www.cgisecurity.com/ Website Security news, and more
http://www.cgisecurity.com/index.rss [RSS Feed]


----------------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/



More information about the websecurity mailing list