Worm Wriggles Through Yahoo! Mail Flaw

Jasen Bell writes to mention a ZDNet article about a clever new worm affecting users of Yahoo!'s email service. The virus uses a flaw in JavaScript to infect a computer when an email is opened from the user's web-based mail. From the article: "The worm, which was spotted in the wild early this morning, has hit the remote server more than 100,000 times, forwarding Yahoo e-mail addresses harvested from unsuspecting users, Turner said. Although the worm is spreading quickly, and no patch has been issued, Symantec is rating the threat a '2.' The security vendor uses a 1-to-5 rating system, with '5' as its most severe category."

Copies available

[Anonymous Coward]

I have a copy of this. I can forward it to anyone with a Yahoo! Mail account for further inspection. Isn't Open Source wonderful?

Can't we all just leave each other alone?

[NotQuiteReal]

Ironically, those of us with no contacts in our yahoo mail make for the best of friends!

Re:JavaScript and CSS

[fputs(shit, slashdot]

Redesign CSS now so it does not depend on enabling JavaScript.

Try:

crack-cocaine { smoke: false; }

Re:Exploits a javascript bug?

[99BottlesOfBeerInMyF]

The article is lacking many details, like specifically which browsers seem to be vulnerable to this problem, or even if this is a browser bug that it is exploiting.... It could be a server side problem they are exploiting, or a client side browser bug.

It is a server side bug. They allow javascript to run in mail messages.

It says the vulnerable systems are every Windows OS, so it appears to be a client side problem with Internet Exploder

I saw it work under OS X 10.4 and Safari in my GF's account. For slightly more info check out this link [trendmicro.com].

Re:First reported

[Sloppy]

My question is: who thought it was a good idea to enable JavaScript in emails?

My question is: who thought it was a good idea to enable Javascript in web browsers?

Re:Fixed.

[tehwebguy]

yes, actually i was the one who came up with the fix for it.
it went something like this:

$body = strip_tags($body);

Re:"This worm is a 2."

[format1337]

we're at terror alert orange! Which means something might go down somewhere in some way at some point in time. So look sharp!

Re:Javascript == web security problem number 1

[GabboFlabbo]

Users: disable javascript Devs: Make sure your site is functional without javascript What's so difficult to grasp here?

I agree 99%. I'd also recommend turning off your computer and hiding under your desk.

Re:First reported

[ch-chuck]

Somewhere, there's an advertising executive with big bucks who thinks it would be a great idea to enable ring-0 kernel mode privilidged assembly code in email so they can not only install a new graphics driver, but also set the screen resolution and audio level to appropriate levels for optimum customer experience of their special purchasing opportunity announcements.