Worm wriggles through Yahoo mail flaw

A new worm that targets Yahoo e-mail users is on the loose, taking advantage of an JavaScript flaw, a security company has warned.

The Yamanner worm targets all versions of Yahoo Web-based mail except the latest beta version, Symantec said in an advisory released Monday.

At the time of the advisory, there was no patch for the vulnerability. But by later on Monday, Yahoo said it had come up with a fix for the flaw, which it said had affected very few of its customers.

"We have taken steps to resolve the issue and protect our users from further attacks of this worm. The solution has been automatically distributed to all Yahoo Mail customers, and requires no additional action on the part of the user," a Yahoo representative said.

Both Yahoo and Symantec are encouraging people to update the antivirus definitions on their PCs.

Yamanner arrives in a Yahoo mailbox bearing the subject header "New Graphic Site." Once the message is opened, the computer becomes infected and the worm spreads itself to people on the Yahoo e-mail contact list. The harvested e-mail addresses are also sent to a remote online server, which Symantec suspects may use the information for spam campaigns.

"The worm is taking a pretty novel approach," said Dean Turner, senior manager of Symantec Security Response. "It takes advantage of a JavaScript vulnerability, so the user doesn't even have to click on an attachment to get infected."

Yamanner exploits the Yahoo flaw by enabling the scripts that are embedded in HTML e-mails to be run by the user's Web browser.

The worm, which was spotted in the wild early this morning, has hit the remote server more than 100,000 times, forwarding Yahoo e-mail addresses harvested from unsuspecting users, Turner said.

Although the worm is spreading quickly, and no patch has been issued, Symantec is rating the threat a "2." The security vendor uses a 1-to-5 rating system, with "5" as its most severe category.

"Antivirus definitions have been released for it, and Yahoo is working on a patch, so we don't want to cry wolf," Turner said. "Although there is the potential the worm will affect a larger number of people, for now to raise it to another (higher) level would be inappropriate."

He added it is premature to predict whether this worm will morph into other forms and attack other browser-based forms of e-mail, such as Google's Gmail.

Systems affected include Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003 and Windows XP, according to Symantec's advisory.

[TheReaperD]

Yahoo Groups

This is playing hell with Yahoo groups. We're having to moderate member's posts because of it. We've had several people from the same list affected.

[gary85739]

Yahoo will have a fix SOON!

Yahoo! will have a patch by the end of the week, at the latest! Probably sooner...

[Jackson Cracker]

Too late

By then, thousands of people will be infected. Yahoo is
to blame for unnecessarily changing their Webmail system
to require Javascript.

[sudhendra]

Help - Assistance required.with yahoo account

Is there a way, I could talk to customer service rep.of Yahoo who can help me with my account sudhi_bs and my friend's account madan7. I am willing to pay as well..

Thanks
Sudhi

[juppin]

where can I get patch?

How or where can I get this patch? Im desperate as I cannot log into my Ymail after opening 'New graphic site' email with worm!

thanks and if anyone can advise any way of getting rid of this worm

[juppin]

where can I get patch?

How or where can I get this patch? Im desperate as I cannot log into my Ymail after opening 'New graphic site' email with worm!

thanks and if anyone can advise any way of getting rid of this worm

[jim_mac]

Mac OS not affected

"Systems affected include Windows 2000, Windows 95, Windows
98, Windows Me, Windows NT, Windows Server 2003 and Windows
XP, according to Symantec's advisory."

Gee, what a surprise... yet another problem that does not affect
Macs! This makes one wonder why JavaScript seems to be getting
all the blame in this article. Could it be that the Microsoft operating
systems are at least partially to blame?!?

[DJHeadley]

Linux neither!

Boy am I glad I switched to Linux!

[ripete performer]

Mac OS is still kind of affected...

I am on a Mac G5, and while I haven't experienced any problems
with it, it appears that Macs can be "carriers" for this thing. I
actually opened it, and everyone in my address book was sent
the email. The worm may not actually harm us Macers, but it still
opens with us...

[sudhendra]

Worm wriggles through unpatched Yahoo and I have lost my password to Yahoo

The worm has affected me (yahoo profile: sudhi_bs and my friend (yahoo profile madan7).
We are not able to login. Worst part is we have forgotten the security question to reset our password and also our alternative email address are invalid as yahoo id were pretty much our identity for past 8-9 years. WE both have tons of confidential information in yahoo account. Is there a way we can talk to yahoo security or customer support team. We are genuine folks and not any spammers. We need our identity back. We need our nemesis back. Can any onehelp? I can be reached at 408 203 9960 or Sudhi.Seshachala@gmail.com
Thanks

[JoeF2]

Don't keep confidential info in a webmail account

Geez, use a little bit of common sense.
Confidential information doesn't belong in a webmail account.

[J.G.]

New sign-in scheme

Yahoo Mail required that I fill out one of those bot evasion forms, but, other than that, I had no problem signing into regular Yahoo Mail. I haven't tried Yahoo 360.

[twinx1970]

I don't think so

If you can't log in, then it's because of some other problem....this worm is a pain, but it doesn't wipe out passwords.

[ggupta7]

contact yahoo help

I had this problem once. My friend knew my date of birth and answer to my secret question and he reset my password. Though I got my account back using the same info my friend used, I contacted yahoo support to change my secret question (you can't do it yourself). So try contacting them and they would help you

[ggupta7]

contact yahoo help

I had this problem once. My friend knew my date of birth and answer to my secret question and he reset my password. Though I got my account back using the same info my friend used, I contacted yahoo support to change my secret question (you can't do it yourself). So try contacting them and they would help you

[juppin]

I have the same problem..

I have been in contact with yahoo customer service but I like you signed up a long time ago (when I was sceptic of giving out my real details) and now can not verify my registration, but I can log into every other part of yahoo so I was hoping I could maybe varify its my account through Ymessenger?? anyone know what I can do...as I need my email account back desperately!!!

thanks

[tenchi_nage2002]

LOST MY PASSWORD TO YAHOO

I've been using YAHOO since 2000, never have an experience of losing my "PASSWORD", also have (3) three user's I.D. and (3) different PASSWORD with YAHOO, but never lost a single one. But you, how can lose your "PASSWORD" and answer to your secret question? Get an organizer where you can keep your secret PASSWORD AND USER'S I.D. and last but not the least, EAT MORE PEANUTS TO INCREASE YOUR MEMORY;-)

[Lpahl]

Oh please Yahoo!

They say "FEW" have been affected? The entire Yahoo Groups has been affected. Put it this way I don't know anyone associated with Yahoo Groups who has not been affected.

I cannot even get into Yahoo Groups anymore, they even have Yahoo Customer Care down.

As for the letter they emailed everyone? When and where?!?!

[J.G.]

Headline should read 'Windows worm'

Also, the grammar is a giveaway. The message should read g-r-a-p-h-i-c-s. Spammers and malware makers often make mistakes in spelling and grammar.

[aabcdefghij987654321]

Headline is fine, it's not limited to Windows machines

It's a flaw in the Yahoo mail system that allows javascript from the source email to be executed by the receiver of the email and has no windows specific code.

[OneWithTech]

You sure this isn't a IE BROWSER FLAW.....

....and not a Yahoo JavaScript Screwup? Being a web developer I've see this a mile away? Javascript functionality is dumbed down because of IE's way of blocking certain script actions.

Take the MN Department of Public Safety. The code they use on there DMV site puts every DMV computer at risk of being exploited by this code. EVERY DVM PC.

There web code (MN DMV) requires the web code to use certain DNR printer templates that reside on the user's computer, not on a web server. So when someone from the MN DMV has to print out a DNR tag or any other orange tag for that matter the web code REQUIRES the need to access the printer templates on the local computer.

How does this put every MN DMV computer that uses this technology at risk? Well, say for instance a state employee decides to do there own surfing on lunch break ( I've personally seen this, so don't say it doesn't happen) and they come across a rogue website that uses JavaScript to access the local computer. You can figure out what can happen at this point. The security issues that this presents is just aw inspiring.

This would also allow TOTAL CONTROL of the host computer as well as the ability to download rogue code in the background unknown to the user until something terrible happens.

The solution for MN DMV:
Keep the template files on the web server for local web server access. You say there are so many people accessing the templates that it would decimate the performance of the servers! I tell you get a better IT staff, faster pipeline, and better servers. That will solve all of your problems. The MN DMV that is.

So you think that the MN DMV and Yahoo only have this problem you better check out your own web code. JavaScript is Super Powerful and part of the new Web 2.0 and AJAX era that's going on right now. So start practicing practical and safe coding!

Justin
Tech01.net

[aabcdefghij987654321]

No, it's not an IE browser problem

It's a Yahoo mail system problem that allows Javascript from the sender of the email to act as the receiver of that email. Despite notes (and an incorrect "affected systesm" list) to the contrary, Mac and Linux users who use Yahoo mail are also subject to this worm.

[BenPanced]

Macs NOT safe!

Contrary to what Jimmy Mac posted earlier, this worm does go through on a Mac system. I'm running OS X at home and opened one of the infected emails in my Yahoo account. 24 hours later, I'd gotten hits from all of my Yahoo groups, all with my email address on them as the sender.

[aabcdefghij987654321]

re: Macs NOT safe!

The list of affected systems for this is incorrect, it's any browser with Javascript enabled which is also capable of working with the Yahoo mail system which is affected but in this Windows centric world the clowns that built that list thought only about Windows.

[Howard Moss]

I GOT HIT WITH YOUR WORM. HELP!

I GOT YOUR WORM/VIRUS TWO DAYS AGO, I COULD NOT SEND ANY EMAILS. INCOMING WAS NOT A PROBLEM. I DELETED THE BETA VERSION OF INTERNET EXPLORER ANDI AM OK NOW.

[gmoggo]

yahoo worm

hi all,

here's the problem I've been having:
yahoo won't let me sign in, I can use messenger but it just won't recognize my ID and password when I sign in to check mail for instance, it keeps taking me back to the sign in page,

furthermore it seems my cookies have been disabled as my bank page and amazon who have cookies asked me to re-sign.

it could be the worm, thought I don't remember clicking on it but with the amount of crap I get everyday, I may have clicked it by mistake.

if yahoo has indeed emailed a fix, how can I open the email if I can't sign in? also I tried singing in from another computer and I got the same response, it would keep reloading the sign in page

any help? thanks

[btl-jooz]

One man blog site does better

job of reporting this issue than CNet.

READ it HERE: http://p2pnet.net/story/9059