Yahoo! has detected a new worm, dubbed the "Yamanner worm", that exploits a JavaScript vulnerability in Yahoo! Mail.
Yahoo! said a very small fraction of its base of over 200 million accounts is infected by the worm. While security firms such as Trend Micro and McAfee rated the virus as having a low threat level, Symantec called it an "elevated threat".
In its advisory, Symantec said that the Yamanner worm targets all versions of Yahoo! Web-based mail except the latest beta version, and that Yahoo! Mail users might be able to protect themselves by upgrading to the latest test version of Yahoo! Mail.
While there was no patch for the JavaScript flaw at the time of Symantec's advisory, Yahoo! later said it had come up with a fix for the hole.
A spokesperson for Yahoo! said that the company has taken steps to resolve the issue and to protect users from further attacks by the worm. The spokesperson said that the solution had been automatically distributed to all Yahoo! Mail customers, and that no additional action on the part of users was now required.
The Yamanner worm landed in Yahoo! mailboxes, bearing the subject header "New Graphic Site". Once the message was opened, the computer became infected, and the worm spread itself to other users on the Yahoo! email contact list. Apparently, the harvested email addresses were also sent to a remote online server.
Experts at Symantec are of the view that the worm takes a fairly novel approach: it takes advantage of a JavaScript vulnerability, so the user does not even have to click on an attachment to get infected.
According to Symantec's advisory, systems affected by Yamanner include Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, and Windows XP.