Worm Wriggles Through Yahoo! Mail Flaw 186
Jasen Bell writes to mention a ZDNet article about a clever new worm affecting users of Yahoo!'s email service. The virus uses a flaw in JavaScript to infect a computer when an email is opened from the user's web-based mail. From the article: "The worm, which was spotted in the wild early this morning, has hit the remote server more than 100,000 times, forwarding Yahoo e-mail addresses harvested from unsuspecting users, Turner said. Although the worm is spreading quickly, and no patch has been issued, Symantec is rating the threat a '2.' The security vendor uses a 1-to-5 rating system, with '5' as its most severe category."
Copies available (Score:1, Funny)
Can't we all just leave each other alone? (Score:4, Funny)
Re:JavaScript and CSS (Score:2, Funny)
Re:Exploits a javascript bug? (Score:3, Funny)
The article is lacking many details, like specifically which browsers seem to be vulnerable to this problem, or even if this is a browser bug that it is exploiting.... It could be a server side problem they are exploiting, or a client side browser bug.
It is a server side bug. They allow javascript to run in mail messages.
It says the vulnerable systems are every Windows OS, so it appears to be a client side problem with Internet Exploder
I saw it work under OS X 10.4 and Safari in my GF's account. For slightly more info check out this link [trendmicro.com].
Re:First reported (Score:2, Funny)
My question is: who thought it was a good idea to enable Javascript in web browsers?
Re:Fixed. (Score:3, Funny)
it went something like this:
Re:"This worm is a 2." (Score:2, Funny)
Re:Javascript == web security problem number 1 (Score:2, Funny)
Re:First reported (Score:2, Funny)