Yahoo Inc., which offers Yahoo! Mail, has announced that it has managed to contain the malicious program aimed at users of its e-mail service.
The JavaScript worm, JS.Yamanner@m, exploited an unpatched vulnerability in Yahoo!'s e-mail program that allowed normally blocked scripts embedded in HTML e-mails to be run by the user's browser.
Unlike other worms, it did not require any attachment to be opened; it spread itself to the contacts in the address book the instant the e-mail was opened. It also sent these e-mail addresses to a remote server on the Internet, and directed the user's browser to the URL www.av3.net/index.htm.
Only users with an @yahoo.com or @yahoogroups.com e-mail address are susceptible, and Yahoo! Mail Beta users seem unaffected by JS.Yamanner.
The mail itself is easy enough to identify: it is spoofed to appear to have been sent from the e-mail address av3@yahoo.com, the subject is 'New Graphic Site' and the body says 'this is test'.
As a precaution against variations on the Yamanner worm, Yahoo has advised its e-mail users to update their antivirus programs and block all incoming correspondence from av3@yahoo.com.
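The following added example (not from Yahoo or the original article) shows a mail-triage check that matches the sender, subject and body indicators quoted above and, because a sender block alone will not catch variations, also flags HTML parts that carry script-capable markup. The sample messages, the `triage` and `ScriptFinder` names and the `on*`-attribute heuristic are assumptions made for illustration; the sample markup is constructed and is not the worm's actual payload.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser

# Indicators quoted in the article; matching on them alone misses variants.
SENDER, SUBJECT, BODY = "av3@yahoo.com", "new graphic site", "this is test"

# Constructed sample messages (not captured worm traffic).
KNOWN = ("From: av3@yahoo.com\nSubject: New Graphic Site\n"
         "Content-Type: text/html\n\n<html><body>this is test</body></html>\n")
VARIANT = ("From: someone@example.com\nSubject: hello\nContent-Type: text/html\n\n"
           '<html><body><img src="x.gif" onload="f()">hi</body></html>\n')
CLEAN = "From: friend@example.com\nSubject: lunch\n\nSee you at noon.\n"


class ScriptFinder(HTMLParser):
    """Records <script> tags and on* event-handler attributes in HTML."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.hits.append("<script>")
        for name, _value in attrs:
            if name.startswith("on"):  # heuristic: onload, onclick, ...
                self.hits.append(f"{tag}[{name}]")


def triage(raw):
    """Return the reasons to quarantine a raw message; empty list if none."""
    msg = message_from_string(raw, policy=policy.default)
    reasons = []
    if parseaddr(str(msg.get("From", "")))[1].lower() == SENDER:
        reasons.append("sender")
    if str(msg.get("Subject", "")).strip().lower() == SUBJECT:
        reasons.append("subject")
    for part in msg.walk():
        if part.get_content_type() not in ("text/plain", "text/html"):
            continue
        text = part.get_content()
        if BODY in text.lower():
            reasons.append("body")
        if part.get_content_type() == "text/html":
            finder = ScriptFinder()
            finder.feed(text)
            reasons += [f"script:{hit}" for hit in finder.hits]
    return reasons
```

The `VARIANT` sample comes from a different sender with a different subject, so only the markup check catches it.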