Symantec warns of mass-mail worm that exploits a vulnerability in Yahoo's Web e-mail
By Jeremy Kirk, IDG News Service
June 12, 2006
A mass-mail worm that exploits a vulnerability in Yahoo's Web e-mail is making the rounds but the impact appears to be low, security vendor Symantec said Monday.
The worm, which Symantec calls JS.Yamanner@m, is different from others in that a user merely has to open the e-mail to cause it to run, said Kevin Hogan, senior manager for Symantec Security Response. Mass-mail worms have usually been contained in an attachment with an e-mail note encouraging a user to open it.
The worm, written in JavaScript, takes advantage of a vulnerability that allows scripts embedded in HTML (Hypertext Markup Language) e-mail to run in the users' browsers. Yahoo users should be able to modify their settings to block the zero-day exploit, Hogan said.
Read More
No comments:
Post a Comment