OT: nasty bug bits Yahoo Mail and Yahoo Groups
Deidre
deidre at panix.com
Mon Jun 12 22:30:46 UTC 2006
If you get any email from any Yahoogroups list that has as the
subject line "New Graphics Site", don't open it, please, and just
delete it. It's not only spam, but the attachment has a virus that
attacks your address book and sends the viri-laden spam to any
addresses that you have in your address book.
Here's some info on it:
<http://www.networkworld.com/news/2006/061206-yahoo-e-mail-under-worm-att
ack.html>
http://www.theregister.co.uk/2006/06/12/javscript_worm_targets_yahoo/
JavaScript worm targets Yahoo!
Malware latches onto unpatched flaw
By John
<<http://forms.theregister.co.uk/mail_author/?story_url=/2006/06/12/javsc>http://forms.theregister.co.uk/mail_author/?story_url=/2006/06/12/javsc
ript_worm_targets_yahoo/> Leyden
Published Monday 12th June 2006 15:28 GMT
Security
<<http://sel.as-eu.falkag.net/sel?cmd=lnk&kid=264075&bid=938413&dat=17649>http://sel.as-eu.falkag.net/sel?cmd=lnk&kid=264075&bid=938413&dat=17649
1&opt=0&rdm=20060517> White Papers - Download them free from Reg
Research
A JavaScript worm that takes advantage of an unpatched vulnerability in
Yahoo!'s webmail service has been discovered on the net.
The JS-Yamanner worm spreads when a Windows user accesses Yahoo! Mail to
open an email sent by the worm. The attack works because of a
vulnerability in Yahoo! Mail that enables scripts embedded within HTML
emails to be run within a user's browser instead of being blocked.
Once executed, the worm forwards itself to an infected users' contacts
on Yahoo! Mail. It also harvests these address and sends them to a
remote internet server. Only contacts with an email address of either
@yahoo.com or @yahoogroups.com are hit by this behaviour.
Infected emails commonly have the subject line "New Graphic Site" and
are spoofed so as to appear from "av3 at yahoo.com". Users who open
infected emails will be redirected to a webpage at
www.av3.net/index.htm.
Symantec Security Response senior manager Kevin Hogan said: "Unlike its
predecessors, which would require the user to open an attachment in
order to launch and propagate, JS-Yamanner makes use of a security hole
in the Yahoo! web mail program in order to spread to other Yahoo! users.
Yahoo! is a popular email tool, and although normally closed to such
threats, the exploitation of this vulnerability provides access to a
significant number of internet users.
"As there is no patch at present, users are recommended to update virus
definitions and firewall signatures and to block any emails sent from
av3 at yahoo.com." R
[Non-text portions of this message have been removed]
More information about the HPFGU-Movie
archive