Symantec on Monday noted a new JavaScript worm that exploits an unpatched vulnerability in Yahoo Web mail. The vulnerability allows scripts embedded in HTML e-mails, which Yahoo Mail normally blocks for security reasons, to be run by the user’s browser.

The worm, JS.Yamanner@m, spreads from person to person when the user opens an e-mail sent by the worm. The worm then sends itself to the user’s contacts that also use Yahoo Mail, while simultaneously sending those e-mail addresses to a remote server on the Internet.

Only contacts with an e-mail address at @yahoo.com or @yahoogroups.com are affected. Symantec Security Response is currently categorizing JS.Yamanner as a Level 2 threat.

Kevin Hogan, senior manager of Symantec Security Response, comments: “This worm is a twist on the traditional mass mailing worms that we have seen in recent years, and is very much in line with the trend for threats that target personal information. Unlike its predecessors, which would require the user to open an attachment in order to launch and propagate, JS.Yamanner makes use of a security hole in the Yahoo Web mail program in order to spread to other Yahoo users. Users of Yahoo Mail Beta do not appear to be vulnerable to JS.Yamanner.”

The e-mail can be distinguished by its title and contents:

From: av3@yahoo.com
Subject: New Graphic Site
Body: this is test

Additionally, if users inadvertently open this infected e-mail, they will also see that their browser window is redirected to display the webpage associated with the URL: [http://]www.av3.net/index.htm.

“Yahoo is a popular e-mail tool, and although normally closed to such threats, the exploitation of this vulnerability provides access to a significant number of Internet users.
As there is no patch at present, users are recommended to update virus definitions and firewall signatures and to block any e-mails sent from av3@yahoo.com,” concludes Hogan.

-Computing SA staff, Computing South Africa
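The recommendation to block mail from the worm's sender, together with the point that script embedded in HTML mail is what the vulnerability lets through, can be expressed as a mail-gateway check. The following is an added example, not part of the original article and not Symantec or Yahoo code; the function and class names and the sample messages are constructed for illustration, and treating every `on*` attribute as active content is a deliberately conservative assumption.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser

# Indicators quoted in the advisory above.
WORM_SENDER = "av3@yahoo.com"
WORM_SUBJECT = "new graphic site"

class ActiveContentFinder(HTMLParser):
    """Collects <script> elements and on* event-handler attributes."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.hits.append("script element")
        # Assumption: any attribute starting with "on" is an event handler.
        self.hits += [f"{name} attribute on <{tag}>"
                      for name, _ in attrs if name.startswith("on")]

def inspect_message(raw):
    """Return the reasons to quarantine a raw RFC 5322 message ([] if none)."""
    msg = message_from_string(raw, policy=policy.default)
    reasons = []
    if parseaddr(str(msg.get("From", "")))[1].lower() == WORM_SENDER:
        reasons.append("sender matches advisory")
    if str(msg.get("Subject", "")).strip().lower() == WORM_SUBJECT:
        reasons.append("subject matches advisory")
    for part in msg.walk():  # covers single-part and multipart messages
        if part.get_content_type() == "text/html":
            finder = ActiveContentFinder()
            finder.feed(part.get_content())
            reasons += finder.hits
    return reasons

# Constructed sample messages (not captured traffic, not the worm's content).
HEADER_MATCH = ("From: av3@yahoo.com\nTo: user@example.com\n"
                "Subject: New Graphic Site\n\nthis is test\n")
ACTIVE_HTML = ("From: Someone <someone@example.com>\nSubject: hello\n"
               "MIME-Version: 1.0\nContent-Type: text/html; charset=utf-8\n\n"
               '<p>hi</p><img src="a.gif" onload="void(0)">'
               "<script>void(0)</script>\n")
CLEAN_HTML = ("From: friend@example.com\nSubject: lunch\n"
              "MIME-Version: 1.0\nContent-Type: text/html; charset=utf-8\n\n"
              "<p>See you at <b>noon</b>.</p>\n")

if __name__ == "__main__":
    for name in ("HEADER_MATCH", "ACTIVE_HTML", "CLEAN_HTML"):
        print(name, inspect_message(globals()[name]))
```

The header match only catches this one campaign's sender and subject, while the HTML scan flags active content from any sender, so the two checks are reported separately.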