by Dave Gradijan

Symantec Identifies New JavaScript Worm

News
Jun 12, 2006 · 2 mins
CSO and CISO, Data and Information Security

Symantec on Monday noted a new JavaScript worm that exploits an unpatched vulnerability in Yahoo Web mail. The vulnerability allows scripts embedded in HTML e-mails, which Yahoo Mail normally blocks for security reasons, to be run by the user’s browser.

The worm, JS.Yamanner@m, spreads from person to person when a user opens an e-mail originally sent by the worm. The worm then sends itself to the user’s contacts who also use Yahoo Mail, while simultaneously sending those e-mail addresses to a remote server on the Internet.

Only contacts with an e-mail address that is @yahoo.com or @yahoogroups.com will be affected. Symantec Security Response is currently categorizing JS.Yamanner as a Level 2 threat.

Kevin Hogan, senior manager of Symantec Security Response, comments: “This worm is a twist on the traditional mass mailing worms that we have seen in recent years, and is very much in line with the trend for threats that target personal information. Unlike its predecessors, which would require the user to open an attachment in order to launch and propagate, JS.Yamanner makes use of a security hole in the Yahoo Web mail program in order to spread to other Yahoo users. Users of Yahoo Mail Beta do not appear to be vulnerable to JS.Yamanner.”

The e-mail can be distinguished by its title and contents:

From: av3@yahoo.com

Subject: New Graphic Site

Body: this is test

Additionally, if users inadvertently open this infected e-mail, they will also see that their browser window is redirected to display the webpage associated with the URL: [http://]www.av3.net/index.htm.

“Yahoo is a popular e-mail tool, and although normally closed to such threats, the exploitation of this vulnerability provides access to a significant number of Internet users. As there is no patch at present, users are recommended to update virus definitions and firewall signatures and to block any e-mails sent from av3@yahoo.com,” concludes Hogan.

-Computing SA staff, Computing South Africa
