Worm Spreads via Vulnerability in Yahoo Mail

By | June 13, 2006

Security experts from MicroWorld Technologies inform that this script worm does not require the recipient to download any attachment, as it exploits a vulnerability in the ‘onload event handling’ of the yahoo mail system to sneak into user computers. Yamanner then moves on to stealing email addresses from the address book of the victim using the Yahoo QuickBuilder Tool and starts sending itself to email ids with ‘@yahoo.com’ and ‘@yahoogroups.com’ domains.

Besides proliferating via spamming, it also sends the address list to the remote attacker. This could possibly be used for large scale email campaigns and other nefarious activities by online marketers and cyber criminals.

The mail then redirects the browser towards websites that market online animations and graphics, which stirs up popup ads on victim’s computer screen. In another case, the user is asked to download a gambling program called Casino Tropez.

“The fact this worm redirects browsers to certain websites is a matter of concern,” said Arti Taru, Assistant Manager, R&D, MicroWorld Technologies. “With slight modifications done, this worm can act as a Trojan Downloader, which can go to malicious websites and invite graver threats. When you a have a mail system so vast in reach like Yahoo, this possibility can be instrumental in wide-spread infections.”

MicroWorld produces the world’s most advanced security solutions eScan and MailScan, powered by the fastest updated AntiVirus system and the unique MWL technology. eScan and MailScan forcefully scan the body of HTML messages to prevent Script Viruses and Worms entering information systems. The Content Administrator module of eScan offers ‘Active Content Blocking’, where you can block java applets, java scripts and VB scripts while accessing websites.

“It’s an increasing trend from malware writers to explore vulnerabilities in popular web applications and browsers, to inject Java scripts, VB scripts and other malware codes into user computers. The best solution to this breed of threats would be to rely on an intelligent AntiVirus system that can block all types of script worms. It’s also vital for the security system to have a multi-layered spam filtering mechanism,” said Sunil Kripalani, Vice President, Global Sales and Marketing, MicroWorld Technologies.

Leave a Reply