Version: 2008
  • On TV.com: 5 SCARIEST Episodes in TV History

June 12, 2006 1:32 PM PDT

Worm wriggles through Yahoo mail flaw

  • 28 comments
A new worm that targets Yahoo e-mail users is on the loose, taking advantage of an JavaScript flaw, a security company has warned.

The Yamanner worm targets all versions of Yahoo Web-based mail except the latest beta version, Symantec said in an advisory released Monday.

At the time of the advisory, there was no patch for the vulnerability. But by later on Monday, Yahoo said it had come up with a fix for the flaw, which it said had affected very few of its customers.

"We have taken steps to resolve the issue and protect our users from further attacks of this worm. The solution has been automatically distributed to all Yahoo Mail customers, and requires no additional action on the part of the user," a Yahoo representative said.

Both Yahoo and Symantec are encouraging people to update the antivirus definitions on their PCs.

Yamanner arrives in a Yahoo mailbox bearing the subject header "New Graphic Site." Once the message is opened, the computer becomes infected and the worm spreads itself to people on the Yahoo e-mail contact list. The harvested e-mail addresses are also sent to a remote online server, which Symantec suspects may use the information for spam campaigns.

"The worm is taking a pretty novel approach," said Dean Turner, senior manager of Symantec Security Response. "It takes advantage of a JavaScript vulnerability, so the user doesn't even have to click on an attachment to get infected."

Yamanner exploits the Yahoo flaw by enabling the scripts that are embedded in HTML e-mails to be run by the user's Web browser.

The worm, which was spotted in the wild early this morning, has hit the remote server more than 100,000 times, forwarding Yahoo e-mail addresses harvested from unsuspecting users, Turner said.

Although the worm is spreading quickly, and no patch has been issued, Symantec is rating the threat a "2." The security vendor uses a 1-to-5 rating system, with "5" as its most severe category.

"Antivirus definitions have been released for it, and Yahoo is working on a patch, so we don't want to cry wolf," Turner said. "Although there is the potential the worm will affect a larger number of people, for now to raise it to another (higher) level would be inappropriate."

He added it is premature to predict whether this worm will morph into other forms and attack other browser-based forms of e-mail, such as Google's Gmail.

Systems affected include Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003 and Windows XP, according to Symantec's advisory.

See more CNET content tagged:
worm, Yahoo! Inc., flaw, Symantec Corp., Yahoo! Mail

Add a Comment (Log in or register) (28 Comments)
  • prev
  • 1
  • next
Yahoo Groups
by TheReaperD June 12, 2006 3:18 PM PDT
This is playing hell with Yahoo groups. We're having to moderate member's posts because of it. We've had several people from the same list affected.
Reply to this comment
Yahoo will have a fix SOON!
by gary85739 June 12, 2006 3:24 PM PDT
Yahoo! will have a patch by the end of the week, at the latest! Probably sooner...
Reply to this comment
Too late
by Jackson Cracker June 12, 2006 4:41 PM PDT
By then, thousands of people will be infected. Yahoo is
to blame for unnecessarily changing their Webmail system
to require Javascript.
Help - Assistance required.with yahoo account
by sudhendra June 13, 2006 6:59 AM PDT
Is there a way, I could talk to customer service rep.of Yahoo who can help me with my account sudhi_bs and my friend's account madan7. I am willing to pay as well..

Thanks
Sudhi
where can I get patch?
by juppin June 14, 2006 10:39 AM PDT
How or where can I get this patch? Im desperate as I cannot log into my Ymail after opening 'New graphic site' email with worm!

thanks and if anyone can advise any way of getting rid of this worm
where can I get patch?
by juppin June 14, 2006 10:39 AM PDT
How or where can I get this patch? Im desperate as I cannot log into my Ymail after opening 'New graphic site' email with worm!

thanks and if anyone can advise any way of getting rid of this worm
Mac OS not affected
by jim_mac June 12, 2006 7:12 PM PDT
"Systems affected include Windows 2000, Windows 95, Windows
98, Windows Me, Windows NT, Windows Server 2003 and Windows
XP, according to Symantec's advisory."

Gee, what a surprise... yet another problem that does not affect
Macs! This makes one wonder why JavaScript seems to be getting
all the blame in this article. Could it be that the Microsoft operating
systems are at least partially to blame?!?
Reply to this comment
Linux neither!
by DJHeadley June 12, 2006 9:38 PM PDT
Boy am I glad I switched to Linux!
Mac OS is still kind of affected...
by ripete performer June 13, 2006 9:58 AM PDT
I am on a Mac G5, and while I haven't experienced any problems
with it, it appears that Macs can be "carriers" for this thing. I
actually opened it, and everyone in my address book was sent
the email. The worm may not actually harm us Macers, but it still
opens with us...
Worm wriggles through unpatched Yahoo and I have lost my password to Yahoo
by sudhendra June 12, 2006 7:26 PM PDT
The worm has affected me (yahoo profile: sudhi_bs and my friend (yahoo profile madan7).
We are not able to login. Worst part is we have forgotten the security question to reset our password and also our alternative email address are invalid as yahoo id were pretty much our identity for past 8-9 years. WE both have tons of confidential information in yahoo account. Is there a way we can talk to yahoo security or customer support team. We are genuine folks and not any spammers. We need our identity back. We need our nemesis back. Can any onehelp? I can be reached at 408 203 9960 or Sudhi.Seshachala@gmail.com
Thanks
Reply to this comment
Don't keep confidential info in a webmail account
by JoeF2 June 12, 2006 7:35 PM PDT
Geez, use a little bit of common sense.
Confidential information doesn't belong in a webmail account.
New sign-in scheme
by J.G. June 13, 2006 12:47 AM PDT
Yahoo Mail required that I fill out one of those bot evasion forms, but, other than that, I had no problem signing into regular Yahoo Mail. I haven't tried Yahoo 360.
I don't think so
by twinx1970 June 13, 2006 10:12 AM PDT
If you can't log in, then it's because of some other problem....this worm is a pain, but it doesn't wipe out passwords.
View reply
contact yahoo help
by ggupta7 June 13, 2006 5:12 PM PDT
I had this problem once. My friend knew my date of birth and answer to my secret question and he reset my password. Though I got my account back using the same info my friend used, I contacted yahoo support to change my secret question (you can't do it yourself). So try contacting them and they would help you
contact yahoo help
by ggupta7 June 13, 2006 5:12 PM PDT
I had this problem once. My friend knew my date of birth and answer to my secret question and he reset my password. Though I got my account back using the same info my friend used, I contacted yahoo support to change my secret question (you can't do it yourself). So try contacting them and they would help you
I have the same problem..
by juppin June 14, 2006 10:44 AM PDT
I have been in contact with yahoo customer service but I like you signed up a long time ago (when I was sceptic of giving out my real details) and now can not verify my registration, but I can log into every other part of yahoo so I was hoping I could maybe varify its my account through Ymessenger?? anyone know what I can do...as I need my email account back desperately!!!

thanks
LOST MY PASSWORD TO YAHOO
by tenchi_nage2002 August 28, 2006 5:13 PM PDT
I've been using YAHOO since 2000, never have an experience of losing my "PASSWORD", also have (3) three user's I.D. and (3) different PASSWORD with YAHOO, but never lost a single one. But you, how can lose your "PASSWORD" and answer to your secret question? Get an organizer where you can keep your secret PASSWORD AND USER'S I.D. and last but not the least, EAT MORE PEANUTS TO INCREASE YOUR MEMORY;-)
Oh please Yahoo!
by Lpahl June 12, 2006 8:37 PM PDT
They say "FEW" have been affected? The entire Yahoo Groups has been affected. Put it this way I don't know anyone associated with Yahoo Groups who has not been affected.

I cannot even get into Yahoo Groups anymore, they even have Yahoo Customer Care down.

As for the letter they emailed everyone? When and where?!?!
Reply to this comment
Headline should read 'Windows worm'
by J.G. June 13, 2006 12:38 AM PDT
Also, the grammar is a giveaway. The message should read g-r-a-p-h-i-c-s. Spammers and malware makers often make mistakes in spelling and grammar.
Reply to this comment
Headline is fine, it's not limited to Windows machines
by aabcdefghij987654321 June 13, 2006 10:34 AM PDT
It's a flaw in the Yahoo mail system that allows javascript from the source email to be executed by the receiver of the email and has no windows specific code.
You sure this isn't a IE BROWSER FLAW.....
by OneWithTech June 13, 2006 7:32 AM PDT
....and not a Yahoo JavaScript Screwup? Being a web developer I've see this a mile away? Javascript functionality is dumbed down because of IE's way of blocking certain script actions.

Take the MN Department of Public Safety. The code they use on there DMV site puts every DMV computer at risk of being exploited by this code. EVERY DVM PC.

There web code (MN DMV) requires the web code to use certain DNR printer templates that reside on the user's computer, not on a web server. So when someone from the MN DMV has to print out a DNR tag or any other orange tag for that matter the web code REQUIRES the need to access the printer templates on the local computer.

How does this put every MN DMV computer that uses this technology at risk? Well, say for instance a state employee decides to do there own surfing on lunch break ( I've personally seen this, so don't say it doesn't happen) and they come across a rogue website that uses JavaScript to access the local computer. You can figure out what can happen at this point. The security issues that this presents is just aw inspiring.

This would also allow TOTAL CONTROL of the host computer as well as the ability to download rogue code in the background unknown to the user until something terrible happens.

The solution for MN DMV:
Keep the template files on the web server for local web server access. You say there are so many people accessing the templates that it would decimate the performance of the servers! I tell you get a better IT staff, faster pipeline, and better servers. That will solve all of your problems. The MN DMV that is.

So you think that the MN DMV and Yahoo only have this problem you better check out your own web code. JavaScript is Super Powerful and part of the new Web 2.0 and AJAX era that's going on right now. So start practicing practical and safe coding!

Justin
Tech01.net
Reply to this comment
No, it's not an IE browser problem
by aabcdefghij987654321 June 13, 2006 10:37 AM PDT
It's a Yahoo mail system problem that allows Javascript from the sender of the email to act as the receiver of that email. Despite notes (and an incorrect "affected systesm" list) to the contrary, Mac and Linux users who use Yahoo mail are also subject to this worm.
Macs NOT safe!
by BenPanced June 13, 2006 10:21 AM PDT
Contrary to what Jimmy Mac posted earlier, this worm does go through on a Mac system. I'm running OS X at home and opened one of the infected emails in my Yahoo account. 24 hours later, I'd gotten hits from all of my Yahoo groups, all with my email address on them as the sender.
Reply to this comment
re: Macs NOT safe!
by aabcdefghij987654321 June 13, 2006 10:31 AM PDT
The list of affected systems for this is incorrect, it's any browser with Javascript enabled which is also capable of working with the Yahoo mail system which is affected but in this Windows centric world the clowns that built that list thought only about Windows.
I GOT HIT WITH YOUR WORM. HELP!
by Howard Moss June 13, 2006 11:07 AM PDT
I GOT YOUR WORM/VIRUS TWO DAYS AGO, I COULD NOT SEND ANY EMAILS. INCOMING WAS NOT A PROBLEM. I DELETED THE BETA VERSION OF INTERNET EXPLORER ANDI AM OK NOW.
Reply to this comment
yahoo worm
by gmoggo June 13, 2006 11:51 AM PDT
hi all,

here's the problem I've been having:
yahoo won't let me sign in, I can use messenger but it just won't recognize my ID and password when I sign in to check mail for instance, it keeps taking me back to the sign in page,

furthermore it seems my cookies have been disabled as my bank page and amazon who have cookies asked me to re-sign.

it could be the worm, thought I don't remember clicking on it but with the amount of crap I get everyday, I may have clicked it by mistake.

if yahoo has indeed emailed a fix, how can I open the email if I can't sign in? also I tried singing in from another computer and I got the same response, it would keep reloading the sign in page

any help? thanks
Reply to this comment
One man blog site does better
by btl-jooz June 14, 2006 5:55 PM PDT
job of reporting this issue than CNet.

READ it HERE: http://p2pnet.net/story/9059
Reply to this comment
(28 Comments)
  • prev
  • 1
  • next
advertisement

Latest tech news headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets

Market news, charts, SEC filings, and more

Related quotes

Yahoo (0.00%) 0.00 15.45
Dow Jones Industrials (0.00%) 0.00 10,450.95
S&P 500 (0.00%) 0.00 1,106.24
NASDAQ (0.00%) 0.00 2,176.01
CNET TECH (0.00%) 0.00 1,604.16
  Symbol Lookup
advertisement

Inside CNET News

Scroll Left Scroll Right