Yahoo Webmail Worm on the Loose

Security experts are warning of a new e-mail worm that takes advantage of a flaw in Yahoo's Web mail system to redirect users to advertising sites and to spread the worm to everyone in the victim's e-mail address book.

According to an advisory issued by Symantec, "JS.Yamanner" exploits an unpatched Javascript vulnerability that kicks in when the user opens an e-mail infected by the worm. Unlike most e-mail-based worms -- which launch when the recipient clicks on an infected file attachment -- this one spreads merely by getting the user to open the e-mail.

There may well be different versions of this bugger going around, but the one being tracked at the moment has "[email protected]" in the sender field, with the subject "New Graphic site." Symantec said users of Yahoo Mail Beta do not appear to be vulnerable to the worm.....

To read the rest of the article, click here...