Tuesday, June 13, 2006 8:08 AM cmosby

F-Secure : News from the Lab - Yamanner - JavaScript worm that targets Yahoo! Mail

More on the Yahoo Javascript worm, as more antivirus companies provide protection.
Yamanner - JavaScript worm that targets Yahoo! Mail Posted by Katrin @ 10:13 GMT

Yahoo! Mail

There has been some media attention on the new JavaScript worm Yamanner that targets Yahoo! webmail and groups.

The Yamanner worm does not send itself as an attachment, it resides inside the e-mail body. The worm activates automatically by just opening an infected e-mail message with Internet Explorer. It uses a 0-day vulnerability in Yahoo! webmail system.

The infected e-mail sent to Yahoo! users look as follows:

Subject: New Graphic Site
Body: Note: forwarded message attached.

This type of worm is not a surprise - it has been theorized since at least 2001. Yamanner is however the first worm to be realized in the wild.

yahoo new graphic site

F-Secure : News from the Lab - June of 2006.
Filed under:

Comments

# ha.ckers.org security lab - Archive » 43things.com XSS attack

Wednesday, June 14, 2006 12:50 AM by ha.ckers.org security lab - Archive » 43things.com XSS attack

PingBack from http://ha.ckers.org/blog/20060613/43thingscom-xss-attack/

# ha.ckers.org web application security lab - Archive » Nduja Cross Domain/Webmail XSS Worm

Tuesday, July 10, 2007 1:22 AM by ha.ckers.org web application security lab - Archive » Nduja Cross Domain/Webmail XSS Worm

Pingback from  ha.ckers.org web application security lab  - Archive  » Nduja Cross Domain/Webmail XSS Worm