Slashdot Mirror


Worm Wriggles Through Yahoo! Mail Flaw

Jasen Bell writes to mention a ZDNet article about a clever new worm affecting users of Yahoo!'s email service. The virus uses a flaw in JavaScript to infect a computer when an email is opened from the user's web-based mail. From the article: "The worm, which was spotted in the wild early this morning, has hit the remote server more than 100,000 times, forwarding Yahoo e-mail addresses harvested from unsuspecting users, Turner said. Although the worm is spreading quickly, and no patch has been issued, Symantec is rating the threat a '2.' The security vendor uses a 1-to-5 rating system, with '5' as its most severe category."

9 of 186 comments

  1. Copies available by Anonymous Coward · Score: 1, Funny

    I have a copy of this. I can forward it to anyone with a Yahoo! Mail account for further inspection. Isn't Open Source wonderful?

  2. Can't we all just leave each other alone? by NotQuiteReal · Score: 3, Funny

    Ironically, those of us with no contacts in our yahoo mail make for the best of friends!

    --
    This issue is a bit more complicated than you think.
  3. Re:JavaScript and CSS by fputs(shit,+slashdot · Score: 2, Funny
    Redesign CSS now so it does not depend on enabling JavaScript.
    Try:
    crack-cocaine { smoke: false; }
    --
    I am the bastard of base minus 12! Turing was the ejaculate of my complete machine!
  4. Re:Exploits a javascript bug? by 99BottlesOfBeerInMyF · Score: 2, Funny

    The article is lacking many details, like specifically which browsers seem to be vulnerable to this problem, or even if this is a browser bug that it is exploiting.... It could be a server side problem they are exploiting, or a client side browser bug.

    It is a server side bug. They allow javascript to run in mail messages.

    It says the vulnerable systems are every Windows OS, so it appears to be a client side problem with Internet Exploder

    I saw it work under OS X 10.4 and Safari in my GF's account. For slightly more info check out this link.

  5. Re:First reported by Sloppy · Score: 2, Funny
    My question is: who thought it was a good idea to enable JavaScript in emails?

    My question is: who thought it was a good idea to enable Javascript in web browsers?

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  6. Re:Fixed. by tehwebguy · Score: 2, Funny
    yes, actually i was the one who came up with the fix for it.
    it went something like this:
    $body = strip_tags($body);
    --
    -- lol pwned
  7. Re:"This worm is a 2." by format1337 · Score: 2, Funny

    we're at terror alert orange! Which means something might go down somewhere in some way at some point in time. So look sharp!

  8. Re:Javascript == web security problem number 1 by GabboFlabbo · Score: 2, Funny
    Users: disable javascript
    Devs: Make sure your site is functional without javascript
    What's so difficult to grasp here?
    I agree 99%. I'd also recommend turning off your computer and hiding under your desk.
  9. Re:First reported by ch-chuck · Score: 2, Funny

    Somewhere, there's an advertising executive with big bucks who thinks it would be a great idea to enable ring-0 kernel mode privileged assembly code in email so they can not only install a new graphics driver, but also set the screen resolution and audio level to appropriate levels for optimum customer experience of their special purchasing opportunity announcements.

    --
    try { do() || do_not(); } catch (JediException err) { yoda(err); }