13 June 2006

New worm targets Yahoo! Mail users

A new JavaScript worm has been identified that exploits an unpatched vulnerability in Yahoo! web mail.

According to Symantec, which identified the worm on Monday, the vulnerability in Yahoo! web mail allows scripts embedded in HTML e-mails, which Yahoo! Mail normally blocks for security reasons, to run in the user’s browser.

The worm, JS.Yamanner@m, spreads from person to person when a user opens an e-mail sent by the worm. It then sends itself to those of the user’s contacts who also use Yahoo! Mail, and uploads those e-mail addresses to a remote server on the internet.

Only contacts whose e-mail address ends in “@yahoo.com” or “@yahoogroups.com” are targeted. Symantec Security Response has categorised JS.Yamanner as a level-two threat.

California-based Symantec provides solutions to help individuals and enterprises assure the security, availability and integrity of their information.

Kevin Hogan, senior manager at Symantec Security Response, commented: “This worm is a twist on the traditional mass-mailing worms that we have seen in recent years, and is very much in line with the trend for threats that target personal information.

“Unlike its predecessors, which would require the user to open an attachment in order to launch and propagate, JS.Yamanner makes use of a security hole in the Yahoo! web mail programme in order to spread to other Yahoo! users. Users of Yahoo! Mail Beta do not appear to be vulnerable to JS.Yamanner.”

The e-mail can be identified by its sender, subject line and body:

From: [email protected]

Subject: New Graphic Site

Body: this is test

Additionally, a user who opens the infected e-mail will see their browser window redirected to the webpage at the URL “www.av3.net/index.htm”.
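As an added illustration, not part of the original article and not Symantec’s own detection logic, the Python below triages a raw e-mail in two ways: against the message indicators the article lists (subject line, body text and the redirect host; the sender address is obscured in this copy of the article, so it is not matched), and against the generic classes of active content (script tags, event-handler attributes, javascript: URLs) that a webmail filter of the kind described above is meant to strip before an HTML message reaches the browser. The three sample messages are constructed for the example; the example.com hosts and sender addresses are placeholders, not captures of the worm.

```python
import email
import re
from email import policy

# Indicators taken from the article's description of the worm's message.
# (The From address is obscured in this copy of the article, so it is not matched.)
SUBJECT_INDICATOR = "new graphic site"
BODY_INDICATOR = "this is test"
REDIRECT_HOST = "www.av3.net"

# Generic active-content patterns: the classes of markup a webmail sanitiser
# has to neutralise before an HTML message is rendered in the reader's browser.
ACTIVE_CONTENT = {
    "script_tag": re.compile(r"<\s*script\b", re.I),
    "event_handler_attr": re.compile(r"\son[a-z]+\s*=", re.I),
    "javascript_uri": re.compile(r"""(?:href|src)\s*=\s*["']?\s*javascript:""", re.I),
}

TAG = re.compile(r"<[^>]+>")


def html_bodies(msg):
    """Return the decoded text of every text/html part in the message."""
    return [part.get_content() for part in msg.walk()
            if part.get_content_type() == "text/html"]


def active_content(html):
    """Names of the active-content classes present in an HTML body, sorted."""
    return sorted(name for name, pat in ACTIVE_CONTENT.items() if pat.search(html))


def yamanner_indicators(msg, html):
    """Which of the article's three message indicators this message matches."""
    hits = []
    if (msg["subject"] or "").strip().lower() == SUBJECT_INDICATOR:
        hits.append("subject")
    if BODY_INDICATOR in TAG.sub(" ", html).lower():   # compare visible text only
        hits.append("body")
    if REDIRECT_HOST in html.lower():
        hits.append("redirect_host")
    return hits


def triage(raw):
    """Parse a raw RFC 822 message and return a verdict with the evidence behind it."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    html = "\n".join(html_bodies(msg))
    active = active_content(html)
    indicators = yamanner_indicators(msg, html)
    if len(indicators) >= 2:      # two or more indicators: treat as the known worm
        verdict = "block"
    elif active:                  # unknown message that carries script: hold it
        verdict = "quarantine"
    else:
        verdict = "allow"
    return {"verdict": verdict, "indicators": indicators, "active_content": active}


# Constructed sample: carries the article's subject and body text plus a script
# that redirects to the host the article names. Sender address is a placeholder.
SAMPLE_WORM_LIKE = b"""\
From: sender@example.com
To: victim@example.com
Subject: New Graphic Site
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body>this is test
<script>window.location='http://www.av3.net/index.htm';</script>
</body></html>
"""

# Constructed sample: no worm indicators, but an inline event handler the
# signature check would miss and the active-content check should catch.
SAMPLE_ACTIVE_ONLY = b"""\
From: promo@example.com
To: victim@example.com
Subject: Special offer
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body><p>Click <span onmouseover="window.location='http://example.com/'">here</span></p></body></html>
"""

# Constructed sample: ordinary HTML mail with a plain link and no script.
SAMPLE_BENIGN = b"""\
From: friend@example.com
To: victim@example.com
Subject: Holiday photos
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body><p>Here are the <a href="http://example.com/album">photos</a>.</p></body></html>
"""

if __name__ == "__main__":
    for name, raw in [("worm-like", SAMPLE_WORM_LIKE),
                      ("active-only", SAMPLE_ACTIVE_ONLY),
                      ("benign", SAMPLE_BENIGN)]:
        print(name, triage(raw))
```

The two checks are deliberately separate: the indicator match is a point fix for this one campaign and breaks as soon as the subject or host changes, while the active-content check is the property the webmail filter was supposed to enforce in the first place, so a message that carries script but none of the known indicators is still held rather than allowed through.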

“Yahoo is a popular e-mail tool, and although normally closed to such threats, the exploitation of this vulnerability provides access to a significant number of internet users. As there is no patch at present, users are recommended to update virus definitions and firewall signatures and to block any e-mails sent from [email protected],” concluded Hogan.

For more information, visit Securityresponse.symantec.com.