Yahoo! says the Yamanner worm is contained

A worm that targeted Yahoo! Mail users has now been ‘contained’ according to the company. Almost 200 million mailboxes were put at risk yesterday with the emergence of a worm dubbed [email protected]

Yahoo! says that it has now issued a patch to all Mail users and no further interaction from customers is necessary. However, as a further precaution, Yahoo advises its subscribers to keep their anti-virus protection up to date and avoid any messages that come from [email protected] The vulnerability does not affect the newest version of Yahoo! Mail that is currently in beta.

The worm, written in JavaScript, exploits a vulnerability in Yahoo!’s online mail to execute a script and replicate itself. It sends copies of itself to the user’s Yahoo! email address book, to contacts at yahoo.com or yahoogroups.com. However, unlike other worms, it does not require user interaction such as the opening of an attachment. It can be activated by merely by viewing the body of the message that has the heading ‘New Graphics Site’ in the subject line. The worm redirects the Web browser from Yahoo! Mail to the www.av3.net/index.htm website and transmits a list of email addresses.

The worm uses a JavaScript function used to help upload images from a message to the mail server. Yahoo! Mail uses AJAX – which is based on JavaScript – to provide interaction between the user and the server. However, the worm exploited a loophole in a JavaScript function that allowed it to include its own code instead of the image handling code. The exploitation of the JavaScript vulnerability is a stark warning to web developers to close off any loopholes as AJAX based web pages become more and more common throughout the Internet.

The fallout from the worm not only affected Yahoo! Mail users. Because Yahoo! has close links with BT Broadband, customers with BTInternet mail addresses found their mailboxes filling up with triplicate copies of files and messages that had already been deleted as the mail servers struggled to cope with the traffic. However, BT Broadband users are not directly threatened by the malware itself.

Leave a Reply

Your email address will not be published. Required fields are marked *

Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way.