[WEB SECURITY] JavaScript worm targets Yahoo!

bugtraq at cgisecurity.net bugtraq at cgisecurity.net
Mon Jun 12 13:04:15 EDT 2006

I found this on theregister.

"A JavaScript worm that takes advantage of an unpatched vulnerability in Yahoo!'s webmail 
service has been discovered on the net.

The JS-Yamanner worm spreads when a Windows user accesses Yahoo! Mail to open an email sent 
by the worm. The attack works because of a vulnerability in Yahoo! Mail that enables scripts 
embedded within HTML emails to be run within a user’s browser instead of being blocked.

"Once executed, the worm forwards itself to an infected users' contacts on Yahoo! Mail. It 
also harvests these address and sends them to a remote internet server. Only contacts with 
an email address of either @yahoo.com or @yahoogroups.com are hit by this behaviour."


- admin_ at _@_ at _@_ at _@_cgisecurity.com
http://www.cgisecurity.com/ Website Security news, and more
http://www.cgisecurity.com/index.rss [RSS Feed]

The Web Security Mailing List

The Web Security Mailing List Archives

More information about the websecurity mailing list