Slashdot Mirror

← Back to Stories (view on slashdot.org)

Worm Wriggles Through Yahoo! Mail Flaw

Posted by ryuzaki0 on from the descriptive-imagery dept.

Jasen Bell writes to mention a ZDNet article about a clever new worm affecting users of Yahoo!'s email service. The virus uses a flaw in JavaScript to infect a computer when an email is opened from the user's web-based mail. From the article: "The worm, which was spotted in the wild early this morning, has hit the remote server more than 100,000 times, forwarding Yahoo e-mail addresses harvested from unsuspecting users, Turner said. Although the worm is spreading quickly, and no patch has been issued, Symantec is rating the threat a '2.' The security vendor uses a 1-to-5 rating system, with '5' as its most severe category."

2 of 186 comments (clear)

  1. The warm may not be as "innocent" by trifish · · Score: 4, Informative

    Some people tend to think that this worm is harmless (just "spreading itself"). But the worm actually sends the harvested email adresses to an external site - www.av3.net [which I wouldn't dare to browse to].

    Here are the technical details of the worm:

    1) Arrives on the compromised computer as an HTML email containing Javascript. The email may have the following characteristics:

    From: Varies
    Subject: New Graphic Site
    Message body: Note: forwarded message attached.

    2) Once the email is opened the worm exploits a vulnerability in the Yahoo email service to run a script.

    3) Sends a copy of itself to certain email addresses gathered from the Yahoo email folders.

    4) Targets email addresses from the @yahoo.com and @yahoogroups.com domains.

    5) Contacts the following URL:

    [http://]www.av3.net/index.htm

    6) Sends a list of email addresses gathered to the above URL.

  2. Re:Medireview virus attacks yahoo. by larkost · · Score: 4, Informative

    The poster's question is valid. He/she is asking if the JavaScript worm can actually do anything other that work within the browser, as in how can the worm "infect" the computer. The answer is that it can't. It only harvests the email addresses that are on your Yahoo addressbook, and emails itself to them, once again though Yahoo. So everything is done within the browser, and there is no compromise outside the browser's sandbox.

    With a little creativity, this could be extended to grab a file off the HD, and send the data to any site it chose, but it does not sound like that is the case here.