Worm targets Yahoo mail

YAHOO EMAIL users have been walloped by a worm that exploits a javascript flaw in the system.

Security outfit Symantec said that the Yamanner worm targets all versions of Yahoo Web-based mail except the latest beta version.

Yahoo has come up with a fix for the flaw and claims that few people were affected by it.

It has distributed a fix to all Yahoo Mail customers who can go to bed safe in the knowledge that it will not do them any harm, a spokesman said. The worm arrives in a Yahoo mailbox bearing the subject header "New Graphic Site."

When it is opened the computer becomes infected and the worm spreads itself to people on the Yahoo e-mail contact list. It harvests the email addresses and sends them to a remote online server.

The clever thing is that Yamanner takes advantage of a JavaScript and the user doesn't even have to click on an attachment to get infected. It uses the scripts that are embedded in HTML to be run by the user's Web browser. However Yahoo's claims that the worm had done any harm to its users might be a little understated.

According to News.com, in the few hours that it was running it hit its remote server more than 100,000 times. More here. µ