JavaScript Worm Targets Yahoo Mail

JavaScriptSearch
Tuesday, June 13, 2006; 02:05 AM

A worm, written in JavaScript, exploits vulnerability in Yahoo's online mail service to propagate itself, announced security vendor Symantec.  The so-called JS.Yamanner@m worm sends copies of  itself  to the user's Yahoo email contacts.  It does not require the opening of an attachment and can be activated by simply viewing the body of a message.

So far impact has been low, according to various sources. The worm cannot run on the newest version of Yahoo Mail Beta. Symantec rated the worm as a Level 2 threat on a five-level threat rating, one level above its least harmful ranking.

When activated, the worms sends itself to email addresses from the address book, ending in @yahoo.com or @yahoogroups.com.  The worm also opens a new browser window that does not appear to contain dangerous content.

Until Yahoo fixes the problem, users are advised to update virus and firewall definitions and block any email messages sent from [email protected].  Turning off JavaScript in the browser also prevents the worm from running.

Symantec's advisories are available at securityresponse.symantec.com .